How to renew caddy certificate

Version of Rocket.Chat Server: 2.4.11
Operating System: Linux Mint 19.3 Tricia 64-bit
Deployment Method: Quick installation
Number of Running Instances:
DB Replicaset Oplog:
NodeJS Version: v8.17.0
MongoDB Version: 3.6.14
Proxy: NO
Firewalls involved: NO

Caddy Status

● snap.rocketchat-server.rocketchat-caddy.service - Service for snap application rocketchat-server.rocketchat-caddy
Loaded: loaded (/etc/systemd/system/snap.rocketchat-server.rocketchat-caddy.service; enabled; vendor preset: enabled)
Active: active (running) since Fri 2020-06-12 12:22:57 EEST; 3 days ago
Main PID: 1071 (caddy)
Tasks: 20 (limit: 4915)
CGroup: /system.slice/snap.rocketchat-server.rocketchat-caddy.service
└─1071 caddy -conf=/var/snap/rocketchat-server/1427/Caddyfile

июн 15 12:24:16 chat-H81M-S1 rocketchat-server.rocketchat-caddy[1071]: 2020/06/15 12:24:16 [INFO] [chat.eliz.zp.ua] acme: Trying renewal with -1531 hours remaining
июн 15 12:24:16 chat-H81M-S1 rocketchat-server.rocketchat-caddy[1071]: 2020/06/15 12:24:16 [INFO] [chat.eliz.zp.ua] acme: Obtaining bundled SAN certificate
июн 15 12:24:17 chat-H81M-S1 rocketchat-server.rocketchat-caddy[1071]: 2020/06/15 12:24:17 [INFO] [chat.eliz.zp.ua] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5251334886
июн 15 12:24:17 chat-H81M-S1 rocketchat-server.rocketchat-caddy[1071]: 2020/06/15 12:24:17 [INFO] [chat.eliz.zp.ua] acme: Could not find solver for: tls-alpn-01
июн 15 12:24:17 chat-H81M-S1 rocketchat-server.rocketchat-caddy[1071]: 2020/06/15 12:24:17 [INFO] [chat.eliz.zp.ua] acme: use http-01 solver
июн 15 12:24:17 chat-H81M-S1 rocketchat-server.rocketchat-caddy[1071]: 2020/06/15 12:24:17 [INFO] [chat.eliz.zp.ua] acme: Trying to solve HTTP-01
июн 15 12:24:36 chat-H81M-S1 rocketchat-server.rocketchat-caddy[1071]: 2020/06/15 12:24:36 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5251334886
июн 15 12:24:36 chat-H81M-S1 rocketchat-server.rocketchat-caddy[1071]: 2020/06/15 12:24:36 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5251334886
июн 15 12:24:37 chat-H81M-S1 rocketchat-server.rocketchat-caddy[1071]: 2020/06/15 12:24:37 [INFO] [chat.eliz.zp.ua] acme: Trying renewal with -1531 hours remaining
июн 15 12:24:37 chat-H81M-S1 rocketchat-server.rocketchat-caddy[1071]: 2020/06/15 12:24:37 [INFO] [chat.eliz.zp.ua] acme: Obtaining bundled SAN certificate

Sorry if I ask obvious things, but I don’t understand how to solve this problem.

Our company has a configured Rocket Chat server, with Caddy as a server encrypting external connections. For reasons beyond my control, the computer on which Rocket Chat and Caddy were installed was turned off for 2 months, the certificate update time has passed, and now an outdated SSL certificate is installed.

How can it be updated now? Is there any command for this? Or do you have to wait until it updates itself? Thank you in advance.

Did you solve your problem?
I suddenly have the same one… but my RC server has been ON for many months.
But yesterday, it was impossible to renew the Caddy certificate… and with snap, it is not easy to find where the certificates are or where the config file is.
I would prefer to use my own certificate, but I can't find anywhere how to configure it.


1st edit
SOLVED!
I just copied my own certificate (CRT and KEY files) into my current RC directory (/var/snap/rocketchat-server/XXXX)
and modified the Caddyfile:
https://my.site.fr
proxy / localhost:3000 {
    websocket
    transparent
}
tls certif.crt certif.key

After restarting the RC and Caddy services, everything works fine.


2nd edit
All? No… the Android app has a Java error. Not via the web browser, only the mobile app (tested on Android, not on Apple, I don’t have enough money).

Yes, we managed to solve this problem. The problem, as I understood it, was that port 80 was not open from the outside to the Rocket Chat server. I.e., it is necessary to open TCP ports 443 and 80 from the outside.

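A log triage sketch for the symptom in this thread, added here as an example and not written by any poster or by the Caddy or Rocket.Chat projects. The sample is constructed from the log lines in the first post; the function names and the rule that a deactivated authorization means the challenge did not complete are assumptions of the example.

```python
import re

# Constructed sample: message parts of the log lines quoted in the first post.
SAMPLE = """\
2020/06/15 12:24:16 [INFO] [chat.eliz.zp.ua] acme: Trying renewal with -1531 hours remaining
2020/06/15 12:24:17 [INFO] [chat.eliz.zp.ua] acme: Could not find solver for: tls-alpn-01
2020/06/15 12:24:17 [INFO] [chat.eliz.zp.ua] acme: Trying to solve HTTP-01
2020/06/15 12:24:36 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5251334886
2020/06/15 12:24:37 [INFO] [chat.eliz.zp.ua] acme: Trying renewal with -1531 hours remaining
"""

RENEW = re.compile(r"\[([^\]\s]+)\] acme: Trying renewal with (-?\d+) hours remaining")
SOLVE = re.compile(r"\[([^\]\s]+)\] acme: Trying to solve (\S+)")
DEACT = re.compile(r"Deactivating auth: ")

def _entry(report, domain):
    return report.setdefault(
        domain, {"attempts": 0, "hours": None, "challenges": set(), "deactivated": 0})

def triage(log_text):
    """Summarise ACME renewal activity per domain from Caddy/journalctl text."""
    report, last = {}, None
    for line in log_text.splitlines():
        if (m := RENEW.search(line)):
            last = m.group(1)
            entry = _entry(report, last)
            entry["attempts"] += 1
            entry["hours"] = int(m.group(2))   # negative: already expired
        elif (m := SOLVE.search(line)):
            last = m.group(1)
            _entry(report, last)["challenges"].add(m.group(2))
        elif DEACT.search(line) and last:
            # These lines carry no domain tag; attribute to the last domain seen.
            _entry(report, last)["deactivated"] += 1
    return report

def findings(report):
    out = []
    for domain, e in sorted(report.items()):
        if e["hours"] is not None and e["hours"] < 0:
            out.append(f"{domain}: certificate expired {-e['hours']} hours ago")
        # Assumption (heuristic): a deactivated authorization after an HTTP-01
        # attempt means validation did not complete; the thread's fix was port 80.
        if e["deactivated"] and "HTTP-01" in e["challenges"]:
            out.append(f"{domain}: HTTP-01 did not complete, check inbound TCP 80")
    return out

if __name__ == "__main__":
    print("\n".join(findings(triage(SAMPLE))))
```

Feed it the output of `systemctl status` or `journalctl` for the `snap.rocketchat-server.rocketchat-caddy` unit; the patterns match with or without the journal prefix.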

All the ports (80 and 443) are open to the outside, but the Let's Encrypt certificate initiated with Caddy doesn’t renew.
After using my own certs, RC works in the browser, but not in the Android app (Java error).

This forces Caddy to renew the certificates:

snap stop rocketchat-server.rocketchat-caddy

# in "/root/snap/rocketchat-server/current", remove the .caddy folder that contains the certificates
sudo su
cd /root/snap/rocketchat-server/current
mv .caddy .caddy.bak

# When the service starts, Caddy will generate a new folder with new certificates
snap start rocketchat-server.rocketchat-caddy