How to renew caddy certificate

dima2341 · June 15, 2020, 4:09pm

Version of Rocket.Chat Server: 2.4.11
Operating System: Linux mint 19.3 Trica 64-bit
Deployment Method: Quick installation
Number of Running Instances:
DB Replicaset Oplog:
NodeJS Version: v8.17.0
MongoDB Version: 3.6.14
Proxy: NO
Firewalls involved: NO

Caddy Status

● snap.rocketchat-server.rocketchat-caddy.service - Service for snap application rocketchat-server.rocketchat-caddy
Loaded: loaded (/etc/systemd/system/snap.rocketchat-server.rocketchat-caddy.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2020-06-12 12:22:57 EEST; 3 days ago
Main PID: 1071 (caddy)
Tasks: 20 (limit: 4915)
CGroup: /system.slice/snap.rocketchat-server.rocketchat-caddy.service
└─1071 caddy -conf=/var/snap/rocketchat-server/1427/Caddyfile

июн 15 12:24:16 chat-H81M-S1 rocketchat-server.rocketchat-caddy[1071]: 2020/06/15 12:24:16 [INFO] [chat.eliz.zp.ua] acme: Trying renewal with -1531 hours remaining
июн 15 12:24:16 chat-H81M-S1 rocketchat-server.rocketchat-caddy[1071]: 2020/06/15 12:24:16 [INFO] [chat.eliz.zp.ua] acme: Obtaining bundled SAN certificate
июн 15 12:24:17 chat-H81M-S1 rocketchat-server.rocketchat-caddy[1071]: 2020/06/15 12:24:17 [INFO] [chat.eliz.zp.ua] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5251334886
июн 15 12:24:17 chat-H81M-S1 rocketchat-server.rocketchat-caddy[1071]: 2020/06/15 12:24:17 [INFO] [chat.eliz.zp.ua] acme: Could not find solver for: tls-alpn-01
июн 15 12:24:17 chat-H81M-S1 rocketchat-server.rocketchat-caddy[1071]: 2020/06/15 12:24:17 [INFO] [chat.eliz.zp.ua] acme: use http-01 solver
июн 15 12:24:17 chat-H81M-S1 rocketchat-server.rocketchat-caddy[1071]: 2020/06/15 12:24:17 [INFO] [chat.eliz.zp.ua] acme: Trying to solve HTTP-01
июн 15 12:24:36 chat-H81M-S1 rocketchat-server.rocketchat-caddy[1071]: 2020/06/15 12:24:36 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5251334886
июн 15 12:24:36 chat-H81M-S1 rocketchat-server.rocketchat-caddy[1071]: 2020/06/15 12:24:36 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5251334886
июн 15 12:24:37 chat-H81M-S1 rocketchat-server.rocketchat-caddy[1071]: 2020/06/15 12:24:37 [INFO] [chat.eliz.zp.ua] acme: Trying renewal with -1531 hours remaining
июн 15 12:24:37 chat-H81M-S1 rocketchat-server.rocketchat-caddy[1071]: 2020/06/15 12:24:37 [INFO] [chat.eliz.zp.ua] acme: Obtaining bundled SAN certificate
~

Sorry if I ask obvious things, but I don’t understand how to solve this problem.

Our company has a configured Rocket Chat server. And caddy as a server encrypting external connections. For reasons beyond my control, the computer on which Rocket Chat and Cuddy was installed was turned off for 2 months, the certificate update time has passed and now an outdated SSL certificate has been installed.

How can it be updated now? Is there any command for this? Or do you have to wait until it updates itself? Thank you in advance.

Sico31 · December 22, 2021, 10:05am

Did you solve your problem ?
I have suddendly the same one … .but my RC server is ON since many months.
But yesterday, impossible to renew caddy certificate … and with snap, not easy to find where they are, where is the config file.
I prefer put my own certificate but nowhere i find how configure

1st edit
SOLVE !
I just copy my own certificate (CRT et KEY files) in my current RC directory (/var/snap/rocketchat-server/XXXX)
and modifiy the Caddyfile :
https://my.site.fr
proxy / localhost:3000 {
websocket
transparent
}
tls certif.crt certif.key

After restart RC and Caddy service, all works fine

2nd edit
all ? no … the android appli ahve a java error. not via the web navigator, only mobile appli (android test, no appeule test, i don’t have enough money)

dima2341 · December 22, 2021, 11:54am

Yes, we managed to solve this problem. The problem, as I understood it, was that port 80 was not open from the outside to the rocket chat. Ie it is necessary to open 443 and 80 TCP ports from the outside.

Sico31 · December 24, 2021, 7:27am

All the port (80 and 443) are open outside but the letsencrypt certificate initiate with caddy doesn’t renew.
After use my own certs, RC works on navigator, not on Android app (java arror)

trialsin · February 10, 2022, 7:50pm

This force caddy renew the certificates:

snap stop rocketchat-server.rocketchat-caddy

# in "/root/snap/rocketchat-server/current" remover a pasta .caddy que contém os certificados
sudo su
cd /root/snap/rocketchat-server/current
mv .caddy .caddy.bak

# Ao statar o serviço o Caddy gerará nova pasta com novos certificados
snap start rocketchat-server.rocketchat-caddy

Topic		Replies	Views
Unable to force Caddy SSL certificate refresh Community Support snap	3	4572	August 5, 2022
Sec_error_revoked_certificate / Reissue LetsEncrypt for snap Install Community Support	6	927	February 1, 2022
Two questions: Autodelete logs and auto-renew SSL in Snap Installation? Community Support	4	645	February 10, 2022
SNAP snaffoo with SSL Community Support	1	4	January 30, 2025
Upgrade from 3.18.1 to 4.1.2 use snap.But caddy can't start Community Support	0	678	December 2, 2021

[Rocket.Chat v7.0: Join the webinar] Roadmap Reveal: on-prem AI, VoIP, and more! Save your seat ->

How to renew caddy certificate

Related topics