LetsEncrypt Certificate for forum.kiwisdr.com expired today [no it didn't]

edited April 2023 in General Chat

Just an info, in case it has been overlooked: currently some browsers, Firefox for example, strictly refuse to contact the forum due to an expired certificate - even without offering an option to continue at your own risk. (I'm writing this with an older Chrome version.)

Comments

  • jks
    edited April 2023

    Except, it didn't. I've had this problem a few times in the past and for the life of me I can't figure out what's wrong (last occurred 25 July 2022). The certs are auto-renewed once a week. Here's their status when the forum was down:

    root@forum:/www/logs# certs
    Saving debug log to /var/log/letsencrypt/letsencrypt.log

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Found the following certs:
     Certificate Name: drm.kiwisdr.com
      Domains: drm.kiwisdr.com
      Expiry Date: 2023-06-20 21:00:39+00:00 (VALID: 60 days)
      Certificate Path: /etc/letsencrypt/live/drm.kiwisdr.com/fullchain.pem
      Private Key Path: /etc/letsencrypt/live/drm.kiwisdr.com/privkey.pem
     Certificate Name: files.kiwisdr.com
      Domains: files.kiwisdr.com
      Expiry Date: 2023-06-20 21:00:44+00:00 (VALID: 60 days)
      Certificate Path: /etc/letsencrypt/live/files.kiwisdr.com/fullchain.pem
      Private Key Path: /etc/letsencrypt/live/files.kiwisdr.com/privkey.pem
     Certificate Name: forum.kiwisdr.com
      Domains: forum.kiwisdr.com
      Expiry Date: 2023-06-20 21:00:49+00:00 (VALID: 60 days)
      Certificate Path: /etc/letsencrypt/live/forum.kiwisdr.com/fullchain.pem
      Private Key Path: /etc/letsencrypt/live/forum.kiwisdr.com/privkey.pem
     Certificate Name: tdoa2.kiwisdr.com
      Domains: tdoa2.kiwisdr.com
      Expiry Date: 2023-06-20 21:00:54+00:00 (VALID: 60 days)
      Certificate Path: /etc/letsencrypt/live/tdoa2.kiwisdr.com/fullchain.pem
      Private Key Path: /etc/letsencrypt/live/tdoa2.kiwisdr.com/privkey.pem
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    All I've had to do when this happens is restart the web server (lighttpd). It had been running since the last reboot (85 days ago). That's my only clue. Maybe I need to reboot automatically once a month or something.

    My whole experience with LetsEncrypt has been extremely negative. Not only does it not handle the private network case of IOT devices like the Kiwi but it seems very fragile.
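
A way to check the situation described in the post above (certificate valid on disk, browser reports it expired, cleared by restarting lighttpd): compare the certificate the server actually presents with the leaf in fullchain.pem. This is an added example, not part of the original post or the forum's own tooling; the function names are made up here, and demo() runs on constructed bytes in place of real certificates.

```python
import hashlib, re, socket, ssl, sys

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

def leaf_der_from_fullchain(pem_text):
    """DER bytes of the first (leaf) certificate in a fullchain.pem."""
    m = PEM_RE.search(pem_text)
    if m is None:
        raise ValueError("no certificate block found")
    return ssl.PEM_cert_to_DER_cert(m.group(0))

def served_leaf_der(host, port=443, timeout=10):
    """Certificate the server presents right now. Validation is off on
    purpose: an expired certificate must still be retrievable."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def compare(disk_pem_text, served_der):
    """stale=True means the running server is not using the file on disk."""
    disk = hashlib.sha256(leaf_der_from_fullchain(disk_pem_text)).hexdigest()
    served = hashlib.sha256(served_der).hexdigest()
    return {"disk": disk, "served": served, "stale": disk != served}

def demo():
    """Offline run on constructed bytes standing in for real certificates."""
    old_leaf, new_leaf, issuer = b"old-leaf", b"renewed-leaf", b"issuer"
    fullchain = (ssl.DER_cert_to_PEM_cert(new_leaf)
                 + ssl.DER_cert_to_PEM_cert(issuer))
    return compare(fullchain, old_leaf), compare(fullchain, new_leaf)

if __name__ == "__main__":
    # Live check: <host> <path to fullchain.pem>, e.g. forum.kiwisdr.com
    # /etc/letsencrypt/live/forum.kiwisdr.com/fullchain.pem (path from the post)
    if len(sys.argv) == 3:
        with open(sys.argv[2]) as f:
            result = compare(f.read(), served_leaf_der(sys.argv[1]))
        print(result)
        sys.exit(1 if result["stale"] else 0)
    print(demo())
```

Run after each weekly renewal, a non-zero exit status means the web server is still presenting a different certificate from the one on disk.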

  • Thanks, John, for the explanation.

    Firefox didn't allow me to visit the site, but allowed me to view the certificate. For whatever reason, it showed an expiration date of yesterday (21-Apr-2023).

    My own experiences with LE stem from normal webservers only - and there I'm completely satisfied. Very robust and reliable over years - it just works. (I was almost tempted to say: setup and forget...)

  • Probably if the slightest thing is wrong the browser just says "cert expired". Or maybe lighttpd on my end has bugs. Who knows. I haven't got time for stuff like that. Like you say, it's just supposed to work.
