inbo / mica-dashboard

🐀 A web-based dashboard for the MICA project
https://mica.inbo.be
MIT License

HTTPS error on UAT server #52

Open niconoe opened 1 year ago

niconoe commented 1 year ago

When asking the browser to go anyway, the page also appears almost blank (only footer). Is that related?

niconoe commented 1 year ago

Apparently it is ok now. I suppose certbot updated the certificate, but the older one was still served by nginx because it was not restarted. Almost blank page error still present so it is something else.

peterdesmet commented 1 year ago

I got an email from letsencrypt.org on Nov 30:

Your certificate (or certificates) for the names listed below will expire in 9 days (on 10 Dec 22 11:39 +0000). Please make sure to renew your certificate before then, or visitors to your web site will encounter errors.

We recommend renewing certificates automatically when they have a third of their total lifetime left. For Let's Encrypt's current 90-day certificates, that means renewing 30 days before expiration. See https://letsencrypt.org/docs/integration-guide/ for details.

mica.inbo.be

Didn't really know what to do with that 😅

niconoe commented 1 year ago

Yeah, in a normal situation the server has a process to renew the certificates automatically, but I might have been less careful with that on the UAT website than on the production ones. When I tested yesterday, it told me everything was already updated (so it seemed the process worked). What the auto-update process doesn't do is restart the web server to make sure the latest version of the certificate is noticed and returned to the clients. It makes sense since this is not its main job and it can be touchy to do in a real-world production situation.

But for our case, we might want to also restart the server sometimes. Again, it's not that important for the UAT one but we might encounter the same situation in prod environments. A quick and easy way to achieve that could be to set up a cron task that restarts nginx every week or so.

Situation is solved for now, but I'd like to keep this ticket open to solve the situation in production later.
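
The failure described in this thread (certificate renewed on disk, old one still served because nginx was not restarted) can be detected by comparing the leaf certificate on disk with the one the server presents. The following is an added example, not part of the thread or of the mica-dashboard code; the function names are hypothetical, and the certificate path passed on the command line is assumed to be certbot's usual `/etc/letsencrypt/live/<domain>/fullchain.pem`.

```python
import hashlib
import re
import ssl
import sys

# fullchain.pem holds the leaf first, then the intermediates
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL
)


def leaf_fingerprint(pem_text):
    """SHA-256 hex digest of the first certificate in a PEM bundle."""
    match = PEM_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no PEM certificate found")
    der = ssl.PEM_cert_to_DER_cert(match.group(0))
    return hashlib.sha256(der).hexdigest()


def is_stale(disk_pem, served_pem):
    """True when the server presents a different leaf than the one on disk."""
    return leaf_fingerprint(disk_pem) != leaf_fingerprint(served_pem)


def fetch_served_pem(host, port=443):
    # No CA bundle is passed, so the certificate is fetched without
    # validation and an already expired one is still returned.
    return ssl.get_server_certificate((host, port))


def main(argv):
    if len(argv) != 3:
        print(f"usage: {argv[0]} HOST PATH_TO_FULLCHAIN_PEM")
        return 2
    host, cert_path = argv[1], argv[2]
    with open(cert_path) as fh:
        disk_pem = fh.read()
    if is_stale(disk_pem, fetch_served_pem(host)):
        print(f"STALE: {host} does not serve the certificate in {cert_path}")
        return 1
    print(f"OK: {host} serves the certificate in {cert_path}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Exit status 1 means the web server is still holding the previous certificate in memory and needs a reload or restart; the script can be run from cron or a monitoring check on the server itself.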