downtownallday / cloudinabox

An installation of Nextcloud that borrows some of the "Mail-in-a-Box" code and standards

Certificate creation and renewal with Let's Encrypt not working #7

Open dumblob opened 4 years ago

dumblob commented 4 years ago

After a fresh successful installation of cloudinabox (with encrypted HDD) and subsequent integration with MiaB-LDAP (and a test reboot of the machine afterwards), I see only a self-generated certificate (not Let's Encrypt) when accessing the Nextcloud web interface.

Note I can log into the Nextcloud web interface without issues and everything seems fine.

Any pointers where to look to "force" certificate creation & automated renewal?

downtownallday commented 4 years ago

It should get provisioned overnight by the daily cron job (see management/daily_tasks.sh), or run "management/ssl_certificates.py" (as root) directly.

dumblob commented 4 years ago

Yeah, the next day it was already there. Do you think we could provision the first certificate already at the end of the setup? If it fails, then it fails and a message that the next try will be at night will be issued.

If provisioning during setup won't be implemented for some reason, it should be documented:

  1. that the first certificate will be automatically provisioned first at night and not earlier
  2. how to trigger it manually (management/ssl_certificates.py)

Thoughts?

downtownallday commented 3 years ago

I know there is a lot of verbiage during setup, but there is information on this, right at the end of setup. It currently says:

A temporary web certificate is installed. An attempt to obtain a valid certificate from Let's Encrypt will be made at 3:00 AM. To perform the certificate provisioning now, run 'python3 management/ssl_certificates.py'

Maybe a compromise on automatically installing it would be to interactively ask.

dumblob commented 3 years ago

Oh, I must have missed that message. I'd really prefer if it automatically tried to provision a certificate during the setup and, only if there was an error, reported it to the user with the note that the next try will follow at 3:00 AM.