Manual Cert Renewal Command? #3249

Open
Joshndroid opened this issue Mar 28, 2024 · 5 comments

@Joshndroid

Hello All,

I run my matrix server at home and not facing the outside world.
The only time I run it in this fashion is during cert renewal, opening the ports, running a renewal, then closing it back up again.

I used to be able to run the command

/usr/local/bin/matrix-ssl-lets-encrypt-certificates-renew

and then run

systemctl reload matrix-nginx-proxy

I assume with the move to traefik this command no longer functions.

Is there a manual way that I can keep certs updated so I don't have to try and time the renewal in order to open ports/etc.?

I have checked the docs and it does not list anything that I can see thus far, any tips to help?

@sneaker8650

I would also be interested in that. My certificate expires in 20 days, unfortunately no restart of traefik or the whole server helps.

@Joshndroid
Author

I have 5 days left. Any thoughts on what I do from a manual perspective?

@spantaleev
Owner

Follow Traefik's logs (journalctl -fu matrix-traefik) and restart it in the meantime while looking at the logs (systemctl restart matrix-traefik).

It should try to renew all certificates. If it fails, it would tell you what the errors are, so you can take action.

@Joshndroid
Author

Hey @spantaleev

I went through this and had 2 x SSH tunnels running at the same time.
The Traefik log was hard to understand in that it only showed 1 x cert renewal.... so I then re-ran the command again and it showed 1 x cert renewal, but on this occasion it was for a different sub-domain. At this point I closed up my ports and re-established my DNS re-writes. It seems to break Element as it never wanted to connect again. I then rebooted the matrix server VM and it did not appear to fix it. I then ran a full git pull, just roles and just setup -all command and closed/reopened Element and it came back. It's possible I didn't need to do the updating of the Ansible and only required a close/reopen of Element, but I can't say for certain at this time.

You may want to update/fix the docs to add in this bit @spantaleev so users like myself can keep this going the manual way :)

Thanks

@sneaker8650 have a look at this mate and give it a go... you should be alright.

@fkonradmain

I would also argue that such a job would be helpful if you want to switch from ACME staging certificates to the actual certificates. That case happens easily when you are debugging a fresh Matrix installation.

In my case it was easier to just delete Matrix and reinstall it, because there is no way to force update the certificates from Ansible's side (to my knowledge).
