Ubuntu 18.04 - Pydio Cells - Letsencrypt

We’ve been a long-time user of Pydio, starting with version 7. Now, with Cells starting to become mainstream, we’ve been testing within our environment.

I am able to set up an Ubuntu Server with Pydio Cells 1.6.1 without any hiccups when following the guide. When I switch the SSL certificate from Self Signed to Let’s Encrypt, this is where things go wrong. I get the following message.

2019-10-17T13:10:17.148-0700 ERROR pydio.gateway.proxy Could not run {"error": "registration error: acme: Error 403 - urn:acme:error:unauthorized - Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details."}

So based on that message I figured I would change the CA path on the pydio.json file from:

{
  "cert": {
    "proxy": {
      "caUrl": "https://acme-v01.api.letsencrypt.org/directory",
      "email": "person@mail.somewhere",
      "httpRedir": true,
      "self": false,
      "ssl": true

to

{
  "cert": {
    "proxy": {
      "caUrl": "https://acme-v02.api.letsencrypt.org/directory",
      "email": "person@mail.somewhere",
      "httpRedir": true,
      "self": false,
      "ssl": true

But this doesn’t seem to work. When using a Self Signed Cert, I can use Cells with no issues. All HTTP to HTTPS redirects perfectly from internal and external requests. I’d love to get the Let’s Encrypt working, but if it won’t then I would be fine using a manual cert. Has anyone had any success or documentation on setting up a manual SSL cert from a CA?

Any help is appreciated.

Hello,

You are right, the acme-v01 API endpoint is deprecated. We will have a look and try to update to the v02 endpoint before releasing Cells v2.0 that will be live in the next few weeks.
On our side, we have installed quite a few Cells on various Ubuntu 18.04 servers without any issues, but as we rather tend to still use the same URLs / domain names for our test servers (and thus did not create new accounts), we have missed this.

Thanks for reporting and we will keep you posted.

Thanks! Looking forward to the release!

Hello,

We have fixed this in the master branch and it will be part of the rc2 that should be out in a few days.
We now use the ACME v2 API endpoint to generate Let’s Encrypt certificates. Feel free to test and let us know.

Sounds great, thank you for jumping on this.

I can verify that Let’s Encrypt is working with ACME v2 API.

Just wanted to verify that when this option is selected there is a job running in the background to renew the cert every 3 months? Is there a way to monitor \ check this? Just for peace of mind :wink:

Thanks!

Hello.

RC2 is out :wink:
See:

And about the renewal, it is taken care of by the embedded Caddy. You might refer to their doc for more info on this.
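
An external check for the renewal question asked in this thread, added here as an example (it is not code from Pydio, Caddy or any poster): it validates the chain the Cells gateway serves and reports how many days remain before expiry, so a stalled renewal or a silent fallback to a self-signed certificate shows up. The function names, the 21-day `WARN_DAYS` threshold and the sample certificate and clock are assumptions made for illustration.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

WARN_DAYS = 21  # assumption: alert threshold in days; tune to your renewal schedule

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns (not a real certificate).
SAMPLE_CERT = {
    "notAfter": "Jan 15 12:00:00 2020 GMT",
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Let's Encrypt"),),
               (("commonName", "Example Issuing CA"),)),
}
SAMPLE_NOW = datetime(2020, 1, 1, tzinfo=timezone.utc)  # constructed clock for the sample


def fetch_peer_cert(host, port=443, timeout=10):
    """Return the leaf cert served by host:port; raises SSLCertVerificationError if untrusted."""
    ctx = ssl.create_default_context()  # system trust store, hostname check enabled
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def evaluate(cert, now=None, warn_days=WARN_DAYS):
    """Return (status, days_left, issuer_org) for a getpeercert()-style dict."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    days_left = (expires - now).days  # floors, so an expired cert is always negative
    issuer = dict(rdn[0] for rdn in cert.get("issuer", ()))
    status = "EXPIRED" if days_left < 0 else "WARN" if days_left < warn_days else "OK"
    return status, days_left, issuer.get("organizationName", "unknown")


if __name__ == "__main__":
    if len(sys.argv) < 2:  # no host given: evaluate the constructed sample
        print(evaluate(SAMPLE_CERT, SAMPLE_NOW))
        sys.exit(0)
    try:
        cert = fetch_peer_cert(sys.argv[1])
    except ssl.SSLCertVerificationError as exc:
        # e.g. the proxy is serving a self-signed certificate instead of a CA-issued one
        sys.exit(f"UNTRUSTED: {exc.verify_message}")
    status, days_left, org = evaluate(cert)
    print(f"{status}: {days_left} days left, issuer organization: {org}")
    sys.exit(0 if status == "OK" else 1)
```

Run it from cron or a monitoring agent with the public hostname of the Cells instance as the only argument; a non-zero exit code means the certificate needs attention.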