My cert isn't applying even after 2 hours #490

Open
bgoosman opened this issue Nov 29, 2022 Discussed in #489 · 9 comments

@bgoosman

Discussed in #489

Originally posted by bgoosman November 29, 2022
Navigate to https://studiofinder.art

This server could not prove that it is studiofinder.art; its security certificate is from *.surge.sh. This may be caused by a misconfiguration or an attacker intercepting your connection.

To apply my .pem, I ran surge ssl:

surge ssl

         domain: https://studiofinder.art
       pem file: surge.pem
   Success - the pem file has been applied

Before that, I concat'ed my fullchain.pem to my privkey.pem:

sudo cat /etc/letsencrypt/live/studiofinder.art/fullchain.pem /etc/letsencrypt/live/studiofinder.art/privkey.pem > surge.pem

Before that, I used certbot to manually verify my domain and provision a cert with letsencrypt:

sudo certbot certonly --manual --preferred-challenges dns -d studiofinder.art

What am I doing wrong?

Now I'm running into the same thing with rehearsal.fun. Any help?

@bgoosman
Author

My web browser reports the surge.sh certificate, but surge certs reports my letsencrypt certificate (R3)


@bgoosman
Author

Today, I'm getting the correct cert! Should I be expecting the process to take hours?

@mster81

mster81 commented Nov 30, 2022

From what Broc said it may have been an issue with the certs not being applied to the edge nodes. My feeling here is that it was corrected (would default to support on that though)

My understanding is that this should be instant, as the SSL cert is installed on the server across all nodes, so it should work once applied.

My implementation is a bit different, in that I'm using the new 'encrypt' tag off the latest branch, but it should be the same regardless.

@sintaxi
Owner

sintaxi commented Nov 30, 2022

  1. Right now surge@0.24.0-rc.12 is the best version to use when it comes to cert management.
  2. This is the best guide for managing certs. [CLI] New Certificate Management Commands #446
  3. Uploaded certs sometimes take up to a day to propagate to the edge nodes (reach out if you need it done manually).
  4. Edge nodes sometimes continue to use outdated certs for a time (new cert shows when cache is flushed).
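
A way to check which certificate each edge address is serving while an uploaded cert propagates (an added example, not part of the original thread and not Surge's own tooling). It uses only the Python standard library; the function names and the `SAMPLE` data, with documentation-range IPs, are constructed for illustration.

```python
import socket
import ssl
import sys

# Constructed sample: one edge serves the uploaded cert, one still serves the default.
SAMPLE = {"192.0.2.10": ["studiofinder.art"], "192.0.2.11": ["*.surge.sh", "surge.sh"]}

def name_matches(pattern, host):
    """RFC 6125-style match: '*' may stand for exactly one leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(sans, host):
    return any(name_matches(s, host) for s in sans)

def edge_addresses(host, port=443):
    """Every address DNS currently returns for the host."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def served_sans(ip, host, port=443, timeout=5):
    """DNS names in the certificate that one address presents for this SNI name."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; names are compared below
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

def stale_edges(observations, host):
    """IPs whose served certificate does not cover host."""
    return sorted(ip for ip, sans in observations.items() if not cert_covers(sans, host))

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "studiofinder.art"
    live = len(sys.argv) > 1  # without an argument, run on the constructed sample
    seen = {ip: served_sans(ip, host) for ip in edge_addresses(host)} if live else SAMPLE
    for ip, sans in seen.items():
        print(ip, "ok" if cert_covers(sans, host) else "MISMATCH", sans)
    sys.exit(1 if stale_edges(seen, host) else 0)
```

An address reported as MISMATCH is presenting a certificate that does not name the domain, which is the condition the browser warning in the first post describes.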

@mster81

mster81 commented Nov 30, 2022

@sintaxi

Does the encrypt command have the same propagation time as manually doing it?

Thanks!

@bgoosman
Author

Thanks @sintaxi! I'd recommend writing #3 and #4 into the surge.sh docs. They make it sound like it should be instant. :)

@sintaxi
Owner

sintaxi commented Nov 30, 2022

@mster81 The encrypt command propagates the cert instantly.

@mster81

mster81 commented Nov 30, 2022

That's awesome, thanks!

@mster81

mster81 commented Dec 3, 2022

@sintaxi I was doing more testing on my account this AM and it looks like the same thing is happening, using latest RC, uploads fine but getting the same cert error.

Other question, what is the purpose of the 'preview-url' when doing a deploy? Just curious.

Thanks!
