Renewing SSL with Digital Ocean's Marketplace installation

Description

I created a Digital Ocean Droplet following these instructions: Rocket.Chat Hosting | DigitalOcean Marketplace 1-Click App. Now, the SSL certificate is expired.

I normally can run “certbot” and regenerate the SSL on web servers that I manually set up. But this “Marketplace” installation doesn’t have things like that.

Everything is up-to-date, but I can’t run certbot. I even tried running “rocketchatctl configure --lets-encrypt --root-url=https://chat.my_domain.com” (with my_domain being my actual domain) and it didn’t work.

Any help would be appreciated.

Hi, welcome to the forum!

You can force the certs to renew by:

# backing up the existing file
sudo cp /etc/traefik/acme/acme.json /etc/traefik/acme/acme.json.old

Then open /etc/traefik/acme/acme.json and remove the lines/keys starting with Certificate & Key.

Restart traefik

sudo systemctl restart traefik

Renewal should’ve been automatic though. Idk why it wasn’t. I’ll look into that. And at the same time maybe I’ll also add a rocketchatctl command to make force renewals easier.
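Added example, not part of the original post or of rocketchatctl: the same edit done with a JSON parser instead of a text editor, so no dangling comma can be left behind and the rewritten file, which still holds the ACME account key, stays owner-only. The sample data (including the `Account` block) is constructed and the function names are illustrative.

```python
import json, os, shutil, sys, tempfile

# Constructed sample in the layout shown in this thread; all values are placeholders.
# The "Account" block is an assumption about the part of the file not shown here.
SAMPLE = {
    "Account": {"Email": "admin@example.com", "PrivateKey": "PLACEHOLDER"},
    "Certificates": [{
        "Domain": {"Main": "chat.example.com", "SANs": None},
        "Certificate": "PLACEHOLDER",
        "Key": "PLACEHOLDER",
    }],
    "HTTPChallenges": {},
    "TLSChallenges": None,
}

def strip_certs(acme):
    """Drop Certificate/Key from every entry; return the number of entries changed."""
    changed = 0
    for entry in acme.get("Certificates") or []:
        found = [k for k in ("Certificate", "Key") if k in entry]
        for k in found:
            del entry[k]
        changed += bool(found)
    return changed

def force_renew(path):
    """Back up path to path + '.old', then rewrite it without the cert material."""
    with open(path, encoding="utf-8") as fh:
        acme = json.load(fh)            # refuses a file that is already malformed
    shutil.copy2(path, path + ".old")   # same backup name as the post; keeps the mode
    changed = strip_certs(acme)
    # Temp file in the same directory; mkstemp creates it readable by the owner only.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(acme, fh, indent=2)   # serializer output is always valid JSON
    os.replace(tmp, path)               # atomic swap, never a half-written file
    return changed

if __name__ == "__main__":
    if len(sys.argv) > 1:               # e.g. /etc/traefik/acme/acme.json
        target = sys.argv[1]
    else:                               # no argument: run on the constructed sample
        target = os.path.join(tempfile.mkdtemp(), "acme.json")
        with open(target, "w", encoding="utf-8") as fh:
            json.dump(SAMPLE, fh)
    print(force_renew(target), "certificate entries cleared in", target)
```

Run it with sudo against the real file, then restart traefik as in the post above.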

I edited the files in Vim and removed the two lines. Now I’m clearly getting a syntax error.

Thanks!

Can you post the file content here please? Removing private data?

The part that is breaking is here:

  "Certificates": [
    {
      "Domain": {
        "Main": "chat.private.com",
        "SANs": null
      }
    }
  ],
  "HTTPChallenges": {},
  "TLSChallenges": null
}

Here is what it looks like right after I edit and remove the lines you recommend:

[Image: Capture2]

Please post the whole file; if uncomfortable, you can DM me here as well :)

Remove that comma please under SANs

Ok. I got traefik restarted. Thanks.

I’ve also rebooted the server (just in case) and I’m not sure which command I need to run to regenerate the SSL cert. I just looked at the acme.json file after restarting everything and I don’t see the certificate information, just my private key.

For some reason the server isn’t serving HTTP, only HTTPS. That’s why Let’s Encrypt isn’t reissuing the SSL certificate. I’m not sure why the redirect from HTTP to HTTPS isn’t working.

I figured it out. Don’t block port 80. 🙂
