azukaar / Cosmos-Server

☁️ The Most Secure and Easy Selfhosted Home Server. Take control of your data and privacy without sacrificing security and stability (Authentication, anti-DDOS, anti-bot)
https://cosmos-cloud.io

[FEAT]: Manual SSL Certificate Request Button, and Current SSL Certificate Expiry Indication #85

Closed BlackrazorNZ closed 10 months ago

BlackrazorNZ commented 1 year ago

Feature Description

I am using Cosmos actively and it works great as I currently have it set up. However, I do not want to leave my 80 and 443 ports open all the time, but rather only open them for long enough to generate new SSL certs before closing them again.

Cosmos offers automatic SSL cert generation but in my opinion it's 'too' automatic, as it doesn't seem to support any easily accessible manual override to force an SSL refresh, nor surface the expiry date of the current SSL cert.

I have followed the DNS Challenge instructions to the letter but despite the fact the ACME challenge API key lodges correctly in my domain's TXT record, it does not propagate either correctly or fast enough for Cosmos to use ACME to certify the SSL requests via the DNS challenge method, at least not using my current DNS host or provider.

The option to a) manually trigger an SSL Certificate refresh at any point on a per-URL basis, and b) see the expiry on the active certificate for that URL, would make the above work perfectly. Would greatly appreciate if this option could be considered for a future build.

Currently the only way I can achieve this is to open up the console, Nano in to the config json, set the Force HTTP Certs flag to 'true', open the ports, reboot the host, wait for it to come back up, re-edit the config json to return the flag to false, and close the ports. It works, but it's extremely inelegant.

azukaar commented 1 year ago

> it does not propagate either correctly or fast enough for Cosmos to use ACME to certify the SSL requests via the DNS challenge method, at least not using my current DNS host or provider.

This is not a Cosmos issue, it's Let's Encrypt. But if you look at the documentation, there is a way to extend the duration of the timeout (check the doc linked in the settings).

Keeping this ticket open for the manual renew button (in the meantime you can set ForceHTTPSCertificateRenewal to true in the settings to force manually renewing them).

BlackrazorNZ commented 1 year ago

> Keeping this ticket open for the manual renew button (in the meantime you can set ForceHTTPSCertificateRenewal to true in the settings to force manually renewing them).

Great! It would also be great to include visibility on the expiry time of the current certs - otherwise it's not immediately obvious when to manually renew them, rather than just waiting for the current certs to expire.

azukaar commented 10 months ago

added in 0.12
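The expiry visibility requested in this thread can also be checked from outside the UI. The script below is an added example, not part of the thread and not Cosmos code: it reads the certificate a host serves and reports whether it is inside a renewal window. The 30-day window and all function names are assumptions, and it must run from a machine that can reach the HTTPS port (for example on the LAN while the ports are closed to the internet).

```python
import socket
import ssl
from datetime import datetime, timezone

RENEW_WINDOW_DAYS = 30  # assumption: renew once fewer than 30 days remain


def days_left(peercert, now=None):
    """Days until notAfter of a dict returned by SSLSocket.getpeercert()."""
    now = now or datetime.now(timezone.utc)
    expires = ssl.cert_time_to_seconds(peercert["notAfter"])  # epoch seconds, UTC
    return (expires - now.timestamp()) / 86400


def classify(peercert, now=None, window=RENEW_WINDOW_DAYS):
    """Return 'expired', 'renew' (inside the window) or 'ok'."""
    remaining = days_left(peercert, now)
    if remaining <= 0:
        return "expired"
    return "renew" if remaining < window else "ok"


def fetch_peercert(host, port=443, timeout=5):
    """Fetch the validated leaf certificate the host currently serves."""
    ctx = ssl.create_default_context()  # verifies chain, hostname and dates
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def check(host, port=443):
    """One status line per host; an already-expired cert fails verification."""
    try:
        cert = fetch_peercert(host, port)
    except ssl.SSLCertVerificationError as exc:
        return f"{host}: certificate rejected ({exc.verify_message})"
    except OSError as exc:  # closed port, DNS failure, timeout
        return f"{host}: unreachable ({exc})"
    return (f"{host}: {classify(cert)}, {days_left(cert):.1f} days left, "
            f"notAfter={cert['notAfter']}")


if __name__ == "__main__":
    import sys
    for name in sys.argv[1:]:  # hostnames to check, given on the command line
        print(check(name))
```

Because the default TLS context rejects expired certificates during the handshake, an expired certificate shows up as "certificate rejected" rather than as a negative day count.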