this post was submitted on 21 Jan 2025
44 points (97.8% liked)

Selfhosted

41633 readers
519 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud
Loki
CannaVet
devve
HybridSarcasm
[email protected]
44
[SOLVED] Can't renew cert on a self-hosted lemmy instance D: (self.selfhosted)
submitted 1 week ago* (last edited 1 week ago) by sol6_vi to c/selfhosted
38 comments fedilink hide all child comments
 

EDIT: Thanks everyone for your time and responses. To break as little as possible attempting to fix this I've opted to go with ZeroSSL's DNS process to acquire a new cert. I wish I could use this process for all of my certs as it was very quick and easy. Now I just have to figure out the error message lemmy is throwing about not being able to run scripts.

Thank you all for your time sincerely. I understand a lot more than I did last night.

Original Post

As the title says I'm unable to renew a cert on a self-hosted lemmy instance. A friend of mine just passed away and he had his hands all up in this and had it working like magic. I'm not an idiot and have done a ton of the legwork to get our server running and working - but lemmy specifically required a bit of fadanglin' to get working correctly. Unfortunately he's not here to ask for help, so I'm turning to you guys. I haven't had a problem with any of my other software such as nextcloud or pixelfed but for some reason lemmy just refuses to cooperate. I'm using acme.sh to renew the cert because that's what my buddy was using when he had set this all up. I'm running apache2 on a bare metal ubuntu server.

Here's my httpd-ssl.conf:

https://pastebin.com/YehfTPNV

Here's some recent output from my acme.sh/acme.log:

https://pastebin.com/PESVVNg4

Here's the terminal read out and what I'm attempting to execute:

https://pastebin.com/jfHfiaE0

If you can make any suggestions at all on what I might be missing or what may be configured incorrectly I'd greatly appreciate a nudge in the right direction as I'm ripping my hair out.

Thank you kindly for your time.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 7 points 1 week ago (2 children)

Hi, just a guess. But

The retryafter=86400 value is too large (> 600), will not retry anymore.

Seems to me like the call to your server in the verification step is failing.

Do you have port 80 blocked or stopping the call in another way ?

[–] [email protected] 2 points 1 week ago

Would concur, that was the only thing I could find.

[–] sol6_vi 2 points 1 week ago (1 children)

The only thing I can think of that might be interfering is HSTS? I'm not sure how acme is accessed when a browser can only access a site with ssl. Perhaps HSTS is interfering with the cert process somehow?

[–] [email protected] 2 points 1 week ago (1 children)

The process makes file to read via http (not https), it’s just a nonce ( some random characters). Once their server reads that file, using the domain (and not the ip) and compares with what is expected, this shows you own the domain , and they give you a new ssl cert, modifying your server’s https configuration file (usually). And deletes the file it made .

[–] sol6_vi 1 points 1 week ago

Thanks for the breakdown.