wiki icon indicating copy to clipboard operation
wiki copied to clipboard

Published 20 hours ago verified publisher icon requarks

SSL certificate expiry dates do not match

Open ravenzachary opened this issue 4 years ago • 15 comments

Describe the bug If you look at the certificate expiration date on the Let's Encrypt SSL Certificate in the browser and then compare that the certificate expiration date in the Admin > SSL section of the Wiki, the dates do not match. Currently, the Admin panel is showing an expiration date of 29 January 2021 and the browser cert details lists 22 April 20201.

To Reproduce Steps to reproduce the behavior:

  1. Load the wiki site with SSL and view the SSL certificate expiration date in the browser.
  2. Go to the SSL section of the Admin area of your wiki and view the SSL certificate expiration date on this page.
  3. Compare them - they will not be the same.

Expected behavior The SSL certificate expiration date should be the same.

Screenshots Screen Shot 2021-01-22 at 10 19 23

Host Info (please complete the following information):

  • OS: Ubuntu 19.09 x64
  • Wiki.js version: 2.5.159
  • Database engine: PostgreSQL 11.5

Additional context Add any other context about the problem here.

ravenzachary avatar Jan 22 '21 18:01 ravenzachary

This problem causes using up the rate limit of Let's encrypt. If I switch wiki.js server on and off on daily basis, it will end up the error 5 days later.

https://letsencrypt.org/docs/rate-limits/

cashewnuts avatar Jan 29 '21 23:01 cashewnuts

I experience the same problem. It will try to update the cert far too often.

PaulKlumpp avatar Feb 24 '21 01:02 PaulKlumpp

Came here to post the same screenshot :)

JetForMe avatar May 16 '21 08:05 JetForMe

Same behavior here. Just upgraded to wiki.js version 2.5.201 and I still see the issue. image

dazzag24 avatar Jun 07 '21 10:06 dazzag24

@NGPixel Is there any update on this? My company's wiki site is completely down due to this, I believe. The error logs are spitting out the letsencrypt throttling error. The strange part is I haven't tried to restart the server until it was unreachable (after the throttling limit was reached). Is there at least a workaround for this? Screen Shot 2021-09-23 at 3 49 01 PM

What I believe is happening...

  • Wiki.js thinks that the cert is expired when it's not
  • The server probably checks this on startup (?)
  • The server attempts to renew the certificate, and letsencrypt returns the 429
  • The UI is not able to load up because the server errors out

I have the following settings enabled:

  • SSL
  • SSL auto re-renew
  • HTTP -> HTTPS redirect

The server worked really well for a month, and then this. I'm unable to reach the UI via HTTP or HTTPS. I can access the database, but I'm not really sure what I should be trying to do in order to reset/get around this. Any help would be appreciated ✊

rogersgt avatar Sep 23 '21 19:09 rogersgt

@rogersgt A simple restart of Wiki.js will trigger a certificate renewal. However it seems you exceeded the API limit so that won't work. I suggest disabling HTTPS for now (see https://docs.requarks.io/troubleshooting#how-to-manually-disable-https-ssl-redirection) and consider using a reverse proxy like Cloudflare or put an nginx instance in front.

NGPixel avatar Sep 23 '21 20:09 NGPixel

for temporary solution, you can edit letsencrypt.payload.expires in table settings

biji avatar Oct 24 '21 12:10 biji

Doen anyone know when the certificate is actually attempted renewed? to me it looks like the code is either run when the server is started, or when the Renew button is clicked in the gui. But I can't find any code that would run the certificate check regularly.

Right now my SSL page says the certificate is expired yesterday, and letsdebug.org says there is no renewal requests.

snarum avatar Nov 17 '21 14:11 snarum

@snarum That's correct. There's no automatic renewal at the moment and yes, it needs to be added.

NGPixel avatar Nov 18 '21 05:11 NGPixel

Hi all! I have a problem directly related to this one, I'm using versión 2.5.275, and got the email from let's encrypt my current cert only has a few days left, I have the "Renew certificate" button on the SSL admin section but the request triggered from clicking it returns an error of "Empty response", any suggestions? or anyone else having this issue?

jonystorm avatar Feb 17 '22 14:02 jonystorm

Suggest you restart your docker containers.. I hit that error before and restarting the containers cleared it up.

scott-dunt avatar Feb 17 '22 15:02 scott-dunt

I confirm this is still a problem. For me it seems to be showing the issued date rather than the expiration date.

FiretronP75 avatar Aug 30 '23 00:08 FiretronP75

@NGPixel , any update on automatic renewal certificate feature?

charlezkwan avatar Nov 13 '23 15:11 charlezkwan

I can confirm this is still a problem with Wiki.js 2.5.300

miller-coffee avatar Jan 25 '24 18:01 miller-coffee

I can confirm this issue is still present in Wiki.js 2.5.301. Will this issue cause SSL requests to begin failing when the displayed date has passed? This is the first SSL I have issued for my Wiki.js deployment and I can't quite tell if this is just an issue with what is displayed in the interface or if it is an actual configuration problem that is going to manifest as failed requests. The newly issued SSL certificates display as fine in a browser. Appreciate any information someone can give me on this, and will be investigating nginx implementation in the meantime.

integrity-develop avatar Mar 01 '24 21:03 integrity-develop