Certificate is expired

hi team,
the certificate on my machine has expired. How can I solve it? Here follows the certificate log:

Nov 27 08:13:00 syncloud platform.backend[1714]: {“category”: “certificate”}

Nov 27 08:00:54 syncloud platform.backend[1714]: info cert/generator.go:108 certificate info {“category”: “certificate”, “subject”: “***.syncloud.it”, “valid days”: 59, “real”: false}

Thank you
Simone

Can you send me logs from settings - support (include support) please?

hi Boris,
thanks for your reply. I’ve just sent the log to the support. Thanks

Simone

  1. I cannot reply to your email as your address seems to be invalid the one registered on syncloud.it (s***i@e***it)
  2. can you run these commands using SSH (it may take 10 mins) and send the output to support?
rm /var/snap/platform/current/syncloud.crt
rm /var/snap/platform/current/syncloud.key
snap run platform.cli cert

Yes, that email address does not exist anymore and I’d like to change it but in the site syncloud.it it seems like it is not doable. Can you support me in doing it? Thanks

can you run these commands using SSH (it may take 10 mins) and send the output to support?

root@syncloud:~# rm /var/snap/platform/current/syncloud.crt
root@syncloud:~# rm /var/snap/platform/current/syncloud.key
root@syncloud:~# snap run platform.cli cert
info cert/generator.go:154 unable to read certificate file: open /var/snap/platform/current/syncloud.crt: no such file or directory {"category": "certificate"}
info cert/generator.go:108 certificate info {"category": "certificate", "subject": "", "valid days": 0, "real": false}
2024/12/03 08:56:51 [INFO] acme: Registering account for s***i@e***t
2024/12/03 08:56:52 [INFO] [***.syncloud.it, *.***.syncloud.it] acme: Obtaining bundled SAN certificate
2024/12/03 08:56:52 [INFO] [*.***.syncloud.it] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/2091438427/439212437397
2024/12/03 08:56:52 [INFO] [***.syncloud.it] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/2091438427/439212437407
2024/12/03 08:56:52 [INFO] [*.***.syncloud.it] acme: use dns-01 solver
2024/12/03 08:56:52 [INFO] [***.syncloud.it] acme: Could not find solver for: tls-alpn-01
2024/12/03 08:56:52 [INFO] [***.syncloud.it] acme: Could not find solver for: http-01
2024/12/03 08:56:52 [INFO] [***.syncloud.it] acme: use dns-01 solver
2024/12/03 08:56:52 [INFO] [*.***.syncloud.it] acme: Preparing to solve DNS-01
info redirect/redirect.go:61 dns present: https://api.syncloud.it/certbot/present
2024/12/03 08:56:52 [DEBUG] POST https://api.syncloud.it/certbot/present
2024/12/03 08:56:53 [INFO] [***.syncloud.it] acme: Preparing to solveDNS-01
info redirect/redirect.go:61 dns present: https://api.syncloud.it/certbot/present
2024/12/03 08:56:53 [DEBUG] POST https://api.syncloud.it/certbot/present
2024/12/03 08:56:54 [INFO] [*.***.syncloud.it] acme: Trying to solve DNS-01
2024/12/03 08:56:54 [INFO] [*.***.syncloud.it] acme: Checking DNS record propagation using [192.168.1.1:53]
2024/12/03 08:57:54 [INFO] Wait for propagation [timeout: 5m0s, interval: 1m0s]
2024/12/03 08:57:54 [INFO] [*.***.syncloud.it] acme: Waiting for DNS record propagation.
2024/12/03 08:58:54 [INFO] [*.***.syncloud.it] acme: Waiting for DNS record propagation.
2024/12/03 08:59:54 [INFO] [*.***.syncloud.it] acme: Waiting for DNS record propagation.
2024/12/03 09:00:54 [INFO] [*.***.syncloud.it] acme: Waiting for DNS record propagation.
2024/12/03 09:01:54 [INFO] [*.***.syncloud.it] acme: Waiting for DNS record propagation.
2024/12/03 09:02:54 [INFO] [***.syncloud.it] acme: Trying to solve DNS-01
2024/12/03 09:02:54 [INFO] [***.syncloud.it] acme: Checking DNS record propagation using [192.168.1.1:53]
2024/12/03 09:03:54 [INFO] Wait for propagation [timeout: 5m0s, interval: 1m0s]
2024/12/03 09:03:54 [INFO] [***.syncloud.it] acme: Waiting for DNS record propagation.
2024/12/03 09:04:54 [INFO] [***.syncloud.it] acme: Waiting for DNS record propagation.
2024/12/03 09:05:54 [INFO] [***.syncloud.it] acme: Waiting for DNS record propagation.
2024/12/03 09:06:54 [INFO] [***.syncloud.it] acme: Waiting for DNS record propagation.
2024/12/03 09:07:54 [INFO] [***.syncloud.it] acme: Waiting for DNS record propagation.
2024/12/03 09:08:54 [INFO] [*.***.syncloud.it] acme: Cleaning DNS-01 challenge
info redirect/redirect.go:69 dns cleanup: https://api.syncloud.it/certbot/cleanup
2024/12/03 09:08:54 [DEBUG] POST https://api.syncloud.it/certbot/cleanup
2024/12/03 09:08:55 [INFO] [***.syncloud.it] acme: Cleaning DNS-01 challenge
info redirect/redirect.go:69 dns cleanup: https://api.syncloud.it/certbot/cleanup
2024/12/03 09:08:55 [DEBUG] POST https://api.syncloud.it/certbot/cleanup
2024/12/03 09:08:56 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz/2091438427/439212437397
2024/12/03 09:08:56 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz/2091438427/439212437407
info cert/generator.go:88 unable to generate certificate: error: one or more domains had a problem:
[*.***.syncloud.it] time limit exceeded: last error: NS ns-439.awsdns-54.com. returned SERVFAIL for _acme-challenge.***.syncloud.it.
[***.syncloud.it] time limit exceeded: last error: NS ns-439.awsdns-54.com. returned SERVFAIL for _acme-challenge.***.syncloud.it.
 {"category": "certificate"}
root@syncloud:~#

Yes, that email address does not exist anymore and I’d like to change it but in the site syncloud.it it seems like it is not doable. Can you support me in doing it?

Yes, send your new email to support olease.

Could you give me the mail address of the support? Thanks

time limit exceeded (192.168.1.1:53)

Do you have any non-standard DNS servers behind your router, like pihole or something?

Looks like your device cannot see DNS changes that we make before asking LetsEncrypt to issue a new certificate.
Can you try setting it to something like 8.8.8.8 (google dns) for now to see if it helps?

mail address of the support?

support@syncloud.it

no, the only change is that I have a new phone carrier Vodafone) and its own router but I have opened port 443, externl access was going fine till few days ago.

Can you try setting it to something like 8.8.8.8 (google dns) for now to see if it helps

I’m sorry, the carrier has blocked the manual DNS management in the router.
The only things I can do are: switch the router Firewall off; assign a static NAT to a device; use a DDNS provider.

p.s. there is another use case in this community with a Vodafone router

ok, I am testing a switch to google dns (8.8.8.8) for dns propagation check instead of what devices get from home network (sometimes not reliable for quick dns propagation checks).

I will let you know asap

thanks a lot. Despite Vodafone’s router being a mess of locked options (I wasn’t completely aware of, untill today), before the problem with the certificate it worked fine. At the same time there could be - potentially - many other Syncloud users affected by the same problem. Looking forward a possible solution from your side, Boris :sunglasses:

Simone

potentially - many other Syncloud users affected

Exactly

I have just pushed the update, can you update from Settings - Updates and after that if it does not get the cert automatically (after an hour or so) could you send the logs from Settings - Support please.

Do not run cert command manually as it may interfere with the auto cert update.

1 Like

update to 2185 is ongoing. I’ll update you as soon as I have some news

hi Boris,
I tried 2 hrs after the update and apparently the problem is still there. I have sent you the logs.
Thanks

SB

Does Settings - Update say system is on 2185?

yes: system 2185, installer 595

still not good, not sure if it is rate limit now by letsencrypt (which should not be), sent you the command to update your email locally, they may send the reason to the email.

1 Like

ok, can you run this on the device:

apt install -y dnsutils
dig _acme-challenge.simoneburalli.syncloud.it TXT
dig _acme-challenge.simoneburalli.syncloud.it TXT @ns-1063.awsdns-04.org

and this

dig _acme-challenge.simoneburalli.syncloud.it TXT @8.8.8.8