zoraxy icon indicating copy to clipboard operation
zoraxy copied to clipboard
verified publisher icon tobychui

[BUG] Certificate Auto Renew not working

Open KmdKeen opened this issue 1 year ago • 3 comments

Describe the bug Since updating to 3.1.0 / 3.1.1. auto renew is not working.

Expected behavior I have a lot of certificates and need them to be auto-renewed. Some of them are expiring in 6 days and should be renewed, but even with disabling/re-enabling the autorenew nothing changes.

Manually renewing works!

Screenshots grafik

Host Environment (please complete the following information):

  • Arch: [amd64]
  • Device: Proxmox
  • OS: Debian LXC
  • Version 12

KmdKeen avatar Sep 26 '24 08:09 KmdKeen

@KmdKeen Thanks for the report. I am having the same issue on some of my homelab nodes. I will look into it recently and will let you know if I found something.

tobychui avatar Sep 26 '24 11:09 tobychui

Awesome! Thanks alot! Small sitenote: The sort-function in the certificate-table is working for the certificate name, but not the other columns like "Last Updated" or "Expires At"

KmdKeen avatar Sep 26 '24 12:09 KmdKeen

The sort-function in the certificate-table is working for the certificate name, but not the other columns like "Last Updated" or "Expires At"

Right, when you mention about this, now I notice that table should not be sortable using "Last Update" or "Expires At" as by default this should be sorted by domain name alphabetically. I will remove the sorting function on these fields in next release.

tobychui avatar Sep 26 '24 15:09 tobychui

Hey @tobychui ,

sure this issue is closed? I again have certificates not getting auto-renewed:

grafik

KmdKeen avatar Nov 13 '24 16:11 KmdKeen

@KmdKeen I think it shd be fixed. I asked @yeungalan (ACME module maintainer) to test it out for me and he say it is ok. Maybe you can provide us the log during Zoraxy startup and 24 hours after startup and see if the auto renewer have some issue on your system? If everything is working, you shd be able to see the auto renewer debug log like this.

2024-11-14 06:41:31.673091] [internal] [system:info] Starting ACME handler
[2024-11-14 06:41:31.677091] [cert-renew] [system:info] ACME early renew set to 30 days and check interval set to 86400 seconds

P.S. Possible error message for auto renewer are the followings.

Encounted error when trying to resolve DNS name for cert (cert name)
Read certificate store failed (reasons)
Renew (Certname) certificate error, can't get the ACME detail for certificate, trying org section as ca
Extract issuer name for cert error, using default ca
Renew (filename) (domain) failed

tobychui avatar Nov 13 '24 22:11 tobychui

Think I found the issue:

[2024-11-13 17:07:26.017423] [ACME] [system:error] Obtain certificate failed: error: one or more domains had a problem:
[sub.domain.tld] [sub.domain.tld] acme: error presenting token: could not start HTTP server for challenge: listen tcp :31267: bind: address already in use

Did restarting the service without another message like this and now the auto-update is working again. Thanks for the help!

KmdKeen avatar Nov 15 '24 11:11 KmdKeen