Certificate Expired

When trying to access our Seatable installation (DE Latest) today I got warning that the page is unsafe and saw that the Let’s Encrypt certificate has expired. This has never happened before and the installation is running for more than a year now. However I tried to follow the manual and was able to find and run the renew_cert.sh command. The renewal didn’t succeed though with the error message: 'our_domain.com' is not an issued domain, skip.
I have no idea how to fix this issue. Can anybody point me in the right direction please!?

TIA

Hi, this is due to the DST root ca x3 expiration in September 2021. If you haven’t updated your certificate after that, you should do it now. See the article below for more information:

DST Root CA X3 Expiration (September 2021) - Let’s Encrypt (letsencrypt.org)

OK, I understand. But how do I update the certificate. The article doesn’t tell and as described above the renewal script doesn’t work :thinking:

Which SeaTable version do you run? The renewal script in newer SeaTable version works as it accounts for the changes on Let’s Encrypt’s end.

If you don’t want to upgrade your SeaTable server, you need to replace the old renewal script with the renewal script from the current version.

As also mentioned above, we are on the latest DE version.

Can I provide any logs (if so, which ones) or further information to get this fixed? As far as I understand we did everything that was explained in the manual and also are on the latest version of DE as suggested. With my limited expertise in CertBot, Docker and Nginx I’m helplessly and desperately relying on external input to get this running again. Right now all our corporate customers are locked out of the platform as nobody is allowed to override security warnings related to encryption.

Any help is very much appreciated!!!

I tried to renew my cert today (which I have done several times in the past, due to my configuration I need to do it manually) and, the renewal script didn’t work for me this time. I get this output:

> root@7ee714a688c8:/opt/seatable# /templates/renew_cert.sh
> > [Tue Dec  7 15:25:32 MST 2021] Lets find script dir.
> > [Tue Dec  7 15:25:32 MST 2021] _SCRIPT_='/root/.acme.sh/acme.sh'
> > [Tue Dec  7 15:25:32 MST 2021] _script='/root/.acme.sh/acme.sh'
> > [Tue Dec  7 15:25:32 MST 2021] _script_home='/root/.acme.sh'
> > [Tue Dec  7 15:25:32 MST 2021] Using config home:/opt/ssl/
> > https://github.com/acmesh-official/acme.sh
> > v3.0.2
> > [Tue Dec  7 15:25:32 MST 2021] Running cmd: renew
> > [Tue Dec  7 15:25:32 MST 2021] Using config home:/opt/ssl/
> > [Tue Dec  7 15:25:32 MST 2021] config file is empty, can not read DEFAULT_ACME_SERVER
> > [Tue Dec  7 15:25:32 MST 2021] default_acme_server
> > [Tue Dec  7 15:25:32 MST 2021] ACME_DIRECTORY='https://acme.zerossl.com/v2/DV90'
> > [Tue Dec  7 15:25:32 MST 2021] DOMAIN_PATH='/opt/ssl//MYDOMAIN.ca'
> > [Tue Dec  7 15:25:32 MST 2021] Renew: 'MYDOMAIN.ca'
> > [Tue Dec  7 15:25:32 MST 2021] 'MYDOMAIN.ca' is not an issued domain, skip.

I am on the latest version of the self-hosted docker, enterprise edition.

Peter

You can manually execute the following command in container to renew the certificate. We will fix this in the next release.

mkdir -p /var/www/.well-known/acme-challenge/

ln -sf /var/www/.well-known/acme-challenge/ /var/www/challenges

/root/.acme.sh/acme.sh --debug --issue --home /opt/ssl/ --server letsencrypt -d mydomain.com -w /var/www/

/root/.acme.sh/acme.sh --home /opt/ssl/ --install-cert -d mydomain.com --key-file /opt/ssl/mydomain.com.key --fullchain-file /opt/ssl/mydomain.com.crt

nginx -s reload
1 Like

This worked. Thanks a lot!!!

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.