Let's Encrypt certificate is not renewed automatically #4132

Open
mapreri opened this issue Jul 13, 2024 · 9 comments

mapreri commented Jul 13, 2024

What version of GlobaLeaks are you using?

4.15.6

What browser(s) are you seeing the problem on?

No response

What operating system(s) are you seeing the problem on?

Linux

Describe the issue

The certificate obtained via Let's Encrypt using the included LE client is never renewed, despite the "Auto-renewal: Enabled" flag.

Not sure what might be going on, this could be a configuration issue on my side.

Proposed solution

No response

@evilaliv3
Member

Hello @mapreri

Would you please check that both ports 80 and 443 are publicly open and that both are handled directly by GlobaLeaks without any intermediate proxy?

I suspect you may have port 80 either closed or implementing a redirect to port 443.

If you could pass me the address of your server, I could verify the exact issue.
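
The checks requested in the comment above (ports 80 and 443 reachable, port 80 not redirecting to 443), plus the days left on the served certificate, as an added example that is not part of the original thread or of GlobaLeaks itself. Function names are illustrative; run it from a host outside the server's own network so that it sees what a public client sees.

```python
import http.client
import socket
import ssl
import sys
import time

REDIRECTS = (301, 302, 303, 307, 308)

def port_open(host, port, timeout=5.0):
    """True if a TCP connection to host:port succeeds from this vantage point."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def http_behaviour(host, port=80, timeout=5.0):
    """Classify plain HTTP: 'closed', 'redirect:<Location>' or 'direct:<status>'."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
    except (OSError, http.client.HTTPException):
        return "closed"
    finally:
        conn.close()
    if resp.status in REDIRECTS:
        return "redirect:" + (resp.getheader("Location") or "")
    return "direct:%d" % resp.status

def days_left(not_after, now=None):
    """Whole days until a notAfter string such as 'Oct 11 00:00:00 2024 GMT'."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)

def cert_status(host, port=443, timeout=5.0):
    """('valid', days left), ('invalid', verifier message) or ('unreachable', error)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ssl.create_default_context().wrap_socket(sock, server_hostname=host) as tls:
                return ("valid", days_left(tls.getpeercert()["notAfter"]))
    except ssl.SSLCertVerificationError as exc:
        return ("invalid", exc.verify_message)  # e.g. an already expired certificate
    except OSError as exc:
        return ("unreachable", str(exc))

if __name__ == "__main__":
    host = sys.argv[1]  # hostname of your own instance
    print("80 open:", port_open(host, 80), "| 443 open:", port_open(host, 443))
    print("port 80:", http_behaviour(host, 80))
    print("certificate:", cert_status(host))
```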

mapreri commented Jul 13, 2024 via email

@evilaliv3
Member

Thank you @mapreri, this is actually quite strange. If you could share the access log with me, I will try to see what the reason is. Near the expiration the application starts requesting renewal with a request every day. Do you have any firewall rules that prevent outgoing connections?

P.S.: I acknowledge that you have removed the "Powered by GlobaLeaks" attribution clause; this is actually in violation of the software license: https://github.com/globaleaks/GlobaLeaks/blob/main/LICENSE
It is not a problem as long as you restore it in a timely manner, within 30 days of this notification.
Thank you for your understanding.

mapreri commented Jul 13, 2024

> Thank you @mapreri, this is actually quite strange. If you could share the access log with me, I will try to see what the reason is. Near the expiration the application starts requesting renewal with a request every day. Do you have any firewall rules that prevent outgoing connections?

I don't have any firewall rules limiting outgoing connections.

What's the best way to share the access.log privately to you?

> P.S.: I acknowledge that you have removed the "Powered by GlobaLeaks" attribution clause; this is actually in violation of the software license: https://github.com/globaleaks/GlobaLeaks/blob/main/LICENSE It is not a problem as long as you restore it in a timely manner, within 30 days of this notification. Thank you for your understanding.

AFAIK it's not a violation of the AGPL as long as the code running is completely unmodified from what I originally obtained from the licensor (which it is, in this case). Nevertheless, I reckon this customer is kinda ill-advised, so I'm going behind his back and reinstating the line 😜 - I am a fairly active FOSS sustainer after all heh

mapreri commented Jul 13, 2024

> AFAIK it's not a violation of the AGPL as long as the code running is completely unmodified from what I originally obtained from the licensor (which it is, in this case). Nevertheless, I reckon this customer is kinda ill-advised, so I'm going behind his back and reinstating the line 😜 - I am a fairly active FOSS sustainer after all heh

I see now that it's actually an addendum to the AGPL that you did. That is fine, however I recommend you add a note in the README mentioning that you have additional terms to the AGPL, as I know that nobody reads the full LICENSE document after they see a standard FOSS license (I already read nearly all of them more than once, I can do without reading them all over once more…)

@evilaliv3
Member

Thank you @mapreri for your feedback.

Actually we were listing such a notice in the README.md but we removed it considering the license was enough.

I just re-added them with commit: bdef24b

evilaliv3 reopened this Jul 15, 2024

evilaliv3 commented Jul 15, 2024

Did you manage to find what was causing your instance to not renew the certificate?

If not, you can find me on our community Slack at: community.globaleaks.org


mapreri commented Jul 15, 2024

No, I haven't found anything relevant with a quick grep of the logs tbh. What should I be looking for?

Else, I'm fine sending them to you if you can provide a... email address and a gpg key to encrypt to I suppose?
