Mattermost, Inc.

Lets Encrypt Expire All MM Clients Stuck

Hi all,

HTTPS port 443 stopped working, probably lets encrypt expired, now all mobile clients get stuck on startup. no one can access MM.

No error logs. I dont know if MM is trying to renew and is failing or what.

Iit possible to renew the lets encrypt manually? How do you create the cache folder?

Please help.

Cheers

"ServiceSettings": {
    "SiteURL": "https://mattermost.mydomain.com",
    "WebsocketURL": "",
    "LicenseFileLocation": "",
    "ListenAddress": ":443",
    "ConnectionSecurity": "TLS",
    "TLSCertFile": "",
    "TLSKeyFile": "",
    "TLSMinVer": "1.2",
    "TLSStrictTransport": false,
    "TLSStrictTransportMaxAge": 63072000,
    "TLSOverwriteCiphers": [],
    "UseLetsEncrypt": true,
    "LetsEncryptCertificateCacheFile": "./config/letsencrypt.cache",
    "Forward80To443": true,

I tried to create a new certificate and got the following error:
Error: {“type”:“urn:ietf:params:acme:error:rateLimited”,“detail”:“Error creating new order :: too many certificates already issued for exact set of domains: mattermost.domain.com: see https://letsencrypt.org/docs/rate-limits/","status”:429}
Could this be the issue? Was MM trying to get the certificate multiple times and lock it self out?

Hi @RbDev, here are some troubleshooting threads that might help:

Hi @amy.blais,

I understand the matter of limit. The question is why or who is generating those new certificates.
Is MM trying to renew the certificate?
And fix MM clients so that they work even when server is unavailable. Issue already reported.
https://forum.mattermost.org/t/mm-ios-stuck-on-opening-loading

Certificates Generated
logged at
2019-07-23
2019-07-23
2019-07-21
2019-07-20
2019-07-20
2019-07-20

Cheers