SSL manual renew fails

greensmart01 · July 28, 2024, 2:39pm

Steps to Reproduce

Manual renew of an domaincertificate

Expected Behavior

Renew the certificate of the domain name.

Actual Behavior

No renewal
Error message see below.

Environment

ApisCP version: cpcmd misc:cp-version

revision: 83b85d44bac953eec703acf76fd965d2573f4a31
timestamp: 1718930980
ver_maj: 3
ver_min: 2
ver_patch: 43
ver_pre: ‘’
dirty: false
debug: true

Operating System: uname -r
4.18.0-553.8.1.el8_10.x86_64

Additional Information

DataStream::pipeline(): Letsencrypt_Module::request(): hostname (domain name)' IP (newexternalip)’ doesn’t match hosting IP `(oldexternalip))', skipping request
1 more message
- DataStream::pipeline(): Letsencrypt_Module::request(): no hostnames to register

The external ip is changed months ago.
Did i missed a setting to change?

msaladna · July 28, 2024, 9:01pm

In this situation, dns,proxyaddr refers to the old IP. You’ll want to update this service value to refer to the new external IP in Nexus.

Alternatively, if the domain is behind Cloudflare, then disable IP verification on the request through Account > Settings > SSL > Verify IP. Presently the panel doesn’t take into consideration if an IP is proxied when hosted through Cloudflare.

greensmart01 · July 30, 2024, 6:10pm

the dns option is not used / not enabled for this site.

but when i click on the nexus, edit the site, check the dns box the old ip is showen.
when i clickt on revert to DEFAULT the new ip was inserted.

do i need to enable dns by default?

msaladna · July 30, 2024, 6:30pm

This is irrelevant. dns,proxyaddr is set if the server is detected to be behind a NAT. See NAT.md, specifically Changing IPs.