Member
Posts: 181
Registered: ‎04-18-2016
Kudos: 30
Solutions: 5
Accepted Solution

UCRM Cert failed to renew? Even tho its not out of date

Title.  Web page says the cert expired yesterday but in UCRM it says its valid til March?  I've tried disabling the SSL and the update the cert but nothing works.  Anyone have any ideas?

 

ucrm cert fail.png


Accepted Solutions
Ubiquiti Employee
Posts: 1,391
Registered: ‎03-21-2016
Kudos: 226
Solutions: 155

Re: UCRM Cert failed to renew? Even tho its not out of date

Member
Posts: 181
Registered: ‎04-18-2016
Kudos: 30
Solutions: 5

Re: UCRM Cert failed to renew? Even tho its not out of date

Issue was fixed with a complete ubuntu server wipe and restore from back up.

View solution in original post


All Replies
Ubiquiti Employee
Posts: 3,921
Registered: ‎12-10-2015
Kudos: 1379
Solutions: 299

Re: UCRM Cert failed to renew? Even tho its not out of date

@CptJames32 can you please send us the full let's encrypt log?
Member
Posts: 181
Registered: ‎04-18-2016
Kudos: 30
Solutions: 5

Re: UCRM Cert failed to renew? Even tho its not out of date

PM sent with full lets encrypt log folder.

Ubiquiti Employee
Posts: 3,921
Registered: ‎12-10-2015
Kudos: 1379
Solutions: 299

Re: UCRM Cert failed to renew? Even tho its not out of date

Thanks, we will investigate this and prepare a fix for the next hotfix release if needed.
Member
Posts: 181
Registered: ‎04-18-2016
Kudos: 30
Solutions: 5

Re: UCRM Cert failed to renew? Even tho its not out of date

@UBNT-Petr do you know of a fix for in the meantime?

Ubiquiti Employee
Posts: 3,921
Registered: ‎12-10-2015
Kudos: 1379
Solutions: 299

Re: UCRM Cert failed to renew? Even tho its not out of date

Did you try to disable (and delete the ssl cert) and then create a new Let's encrypt cert?
Member
Posts: 181
Registered: ‎04-18-2016
Kudos: 30
Solutions: 5

Re: UCRM Cert failed to renew? Even tho its not out of date

I think so?  Which file do I delete?

Ubiquiti Employee
Posts: 3,921
Registered: ‎12-10-2015
Kudos: 1379
Solutions: 299

Re: UCRM Cert failed to renew? Even tho its not out of date

This command will remove both custom or let's encrypt certificates and restart the server config. UCRM will not respond on HTTPS after this, but will respond on plain HTTP.

sudo docker exec -t ucrm_web_app_1 bash -c 'rm -f /usr/src/ucrm/app/data/ssl/certbot.ini; rm -f /usr/src/ucrm/app/data/ssl/.use_lets_encrypt; rm -f /usr/src/ucrm/app/data/ssl/.use_custom; rm -f /usr/src/ucrm/app/data/ssl/ucrm.crt; rm -f /usr/src/ucrm/app/data/ssl/ucrm.key; su-exec nginx touch /data/ucrm/data/ssl/.server_control_run; /usr/src/ucrm/scripts/server_control.sh;'

 

Member
Posts: 181
Registered: ‎04-18-2016
Kudos: 30
Solutions: 5

Re: UCRM Cert failed to renew? Even tho its not out of date

So I ran that command and i'm getting the exact same error when it redoes lets encrypt.

Ubiquiti Employee
Posts: 1,391
Registered: ‎03-21-2016
Kudos: 226
Solutions: 155

Re: UCRM Cert failed to renew? Even tho its not out of date

@CptJames32 The previous command did not remove let's encrypt certificate, but a regular one. Please try again with this one:

sudo docker exec -t ucrm_web_app_1 bash -c 'rm -f /usr/src/ucrm/app/data/ssl/certbot.ini; rm -f /usr/src/ucrm/app/data/ssl/.use_lets_encrypt; rm -f /usr/src/ucrm/app/data/ssl/letsencrypt/*; su-exec nginx touch /data/ucrm/data/ssl/.server_control_run; /usr/src/ucrm/scripts/server_control.sh;'

I checked the logs and everything seems to be in order, sadly I don't have any idea, why the let's encrypt servers think the certificate is not out of date. You should be able to request new certificate after running the command above and hopefully the renewal process will work fine in 3 months, either way, please let us know.

Member
Posts: 181
Registered: ‎04-18-2016
Kudos: 30
Solutions: 5

Re: UCRM Cert failed to renew? Even tho its not out of date

@UBNT-Ondra this command also did not work.  Should I completely wipe my ubuntu server and start over?

Ubiquiti Employee
Posts: 1,391
Registered: ‎03-21-2016
Kudos: 226
Solutions: 155

Re: UCRM Cert failed to renew? Even tho its not out of date

@CptJames32 Please check your PM

Member
Posts: 181
Registered: ‎04-18-2016
Kudos: 30
Solutions: 5

Re: UCRM Cert failed to renew? Even tho its not out of date

Issue was fixed with a complete ubuntu server wipe and restore from back up.