63 votes

Whoops, Tildes joins the list of sites that forgot to renew their SSL certificates

Tildes was inaccessible for about 2 hours today because the SSL certificate expired, and I wasn't at home at the time to be able to fix it immediately.

I'm going to blame it on Let's Encrypt (the organization that I get the certificates through). They've always sent multiple warning emails starting weeks before the cert expires, but for some reason this time they didn't send any at all. I'll set something else up for future expiries and stop depending on them to be my reminder to renew it.
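An expiry check that does not depend on reminder emails, as an added example that is not part of the original post or of Tildes' own setup. The thresholds, function names and sample dates are assumptions; run from cron with hostnames as arguments, it exits non-zero when any certificate needs attention.

```python
import socket
import ssl
import sys
import time

WARN_DAYS = 21         # assumed threshold: first alert three weeks before expiry
CRITICAL_DAYS = 7      # assumed threshold: escalate in the final week
CERT_HAS_EXPIRED = 10  # OpenSSL verify code X509_V_ERR_CERT_HAS_EXPIRED
# Constructed sample values so the demo is deterministic and runs offline.
SAMPLE_NOW = ssl.cert_time_to_seconds("Jan  1 00:00:00 2030 GMT")
SAMPLE_NOT_AFTER = "Jan 15 00:00:00 2030 GMT"  # 14 days after SAMPLE_NOW


def days_left(not_after, now=None):
    """Days until a getpeercert()-style notAfter string (GMT)."""
    now = time.time() if now is None else now
    return (ssl.cert_time_to_seconds(not_after) - now) / 86400


def classify(not_after, now=None):
    remaining = days_left(not_after, now)
    if remaining <= 0:
        return "EXPIRED"
    if remaining <= CRITICAL_DAYS:
        return "CRITICAL"
    if remaining <= WARN_DAYS:
        return "WARNING"
    return "OK"


def check_host(host, port=443, timeout=10):
    """Classify the certificate the server actually presents."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return classify(tls.getpeercert()["notAfter"])
    except ssl.SSLCertVerificationError as exc:
        # An expired cert fails the handshake; report it instead of crashing.
        return "EXPIRED" if exc.verify_code == CERT_HAS_EXPIRED else "INVALID"


if __name__ == "__main__":
    hosts = sys.argv[1:]
    if not hosts:  # no arguments: show the constructed sample
        print("sample:", classify(SAMPLE_NOT_AFTER, SAMPLE_NOW))
    results = {h: check_host(h) for h in hosts}
    for host, status in results.items():
        print(f"{host}: {status}")
    sys.exit(0 if all(s == "OK" for s in results.values()) else 1)
```

Because it reads the certificate the server is serving rather than a file on disk, it also catches a renewal that succeeded but was never loaded by the web server.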

11 comments

  1. [6]
    UntouchedWagons
    Certbot is supposed to renew the certificate automatically within a month of the cert's expiration date if I recall correctly. Check the cron folders in /etc/, in Ubuntu 20.04 its crontab is in /etc/cron.d/certbot

    9 votes
    1. [5]
      Deimos
      Yeah, it's more complex than the basic case because it's a wildcard certificate. You have to add DNS records for validation, so automating it is kind of annoying. I've never bothered to set it up since doing it manually only takes a few minutes every 90 days, but... it would have prevented this, so I should probably just do it.

      15 votes
      1. zonk
        No idea if it helps you, but Nginx Proxy Manager has auto renewal, even for wildcard certs (using that myself at home). Either NPM helps you itself, or you can look through its source for some code snippets on how it does the auto-extension.

        4 votes
      2. tomf
        If you’re comfortable with it, there’s certbot-dns-ovh to use an API key etc etc.

        1 vote
      3. spit-evil-olive-tips
        I use Traefik as the front-end / reverse proxy for a personal website I host. It has built-in support for Let's Encrypt, including support for wildcard certs via a bunch of provider plugins that automate the DNS challenge.

        1 vote
      4. UntouchedWagons
        I use wildcard certs and certbot handles renewing them automatically. I just made the one DNS record, gave certbot the Cloudflare stuff and it handled the rest.

        1 vote
  2. [2]
    hamstergeddon
    So what did you all do without Tildes for a little while? I got bored and started gutting old PS3 controllers I had so my toddlers could "play" along with me tomorrow. They'll either love it or get bored of it after 5 minutes, but either way I'm excited to show them!

    6 votes
    1. moocow1452
      I almost made some progress on my big term paper. Thank goodness the site wasn't gone for too long.

      12 votes
  3. [2]
    Adys
    Did you ever look into Caddy? It's honestly really nice, never had to worry about SSL expiration since I started using it. Ever. And it's so nice and easy to configure I like it a lot to be honest.

    3 votes
    1. teaearlgraycold
      Caddy didn’t use to be FOSS. I guess that’s changed because it says it’s Apache 2 licensed.

      2 votes
  4. Apos
    I forgot to renew too for some of my sites earlier this year. Then I just wrote a script to automate the process. (I got my domain + hosting from Namecheap and they don't proactively support Let's Encrypt so it has to be renewed through their cPanel.)

    2 votes