starred/wiki-requarks
1
0
Fork 0
mirror of https://github.com/requarks/wiki.git synced 2026-03-02 22:06:55 -05:00
Code Issues 131 Projects Packages Wiki Activity

SSL certificate expiry dates do not match #2425

New issue
Open
opened 2026-02-20 19:04:43 -05:00 by deekerman · 15 comments
deekerman commented 2026-02-20 19:04:43 -05:00
Owner
Copy link

Originally created by @ravenzachary on GitHub (Jan 22, 2021).

Originally assigned to: @NGPixel on GitHub.

Describe the bug
If you look at the certificate expiration date on the Let's Encrypt SSL Certificate in the browser and then compare that the certificate expiration date in the Admin > SSL section of the Wiki, the dates do not match. Currently, the Admin panel is showing an expiration date of 29 January 2021 and the browser cert details lists 22 April 20201.

To Reproduce
Steps to reproduce the behavior:

  1. Load the wiki site with SSL and view the SSL certificate expiration date in the browser.
  2. Go to the SSL section of the Admin area of your wiki and view the SSL certificate expiration date on this page.
  3. Compare them - they will not be the same.

Expected behavior
The SSL certificate expiration date should be the same.

Screenshots
Screen Shot 2021-01-22 at 10 19 23

Host Info (please complete the following information):

  • OS: Ubuntu 19.09 x64
  • Wiki.js version: 2.5.159
  • Database engine: PostgreSQL 11.5

Additional context
Add any other context about the problem here.

Originally created by @ravenzachary on GitHub (Jan 22, 2021). Originally assigned to: @NGPixel on GitHub. **Describe the bug** If you look at the certificate expiration date on the Let's Encrypt SSL Certificate in the browser and then compare that the certificate expiration date in the Admin > SSL section of the Wiki, the dates do not match. Currently, the Admin panel is showing an expiration date of 29 January 2021 and the browser cert details lists 22 April 20201. **To Reproduce** Steps to reproduce the behavior: 1. Load the wiki site with SSL and view the SSL certificate expiration date in the browser. 2. Go to the SSL section of the Admin area of your wiki and view the SSL certificate expiration date on this page. 3. Compare them - they will not be the same. **Expected behavior** The SSL certificate expiration date should be the same. **Screenshots** ![Screen Shot 2021-01-22 at 10 19 23](https://user-images.githubusercontent.com/645975/105529591-735b9480-5c9b-11eb-9e6d-b045bd1a5914.png) **Host Info (please complete the following information):** - OS: Ubuntu 19.09 x64 - Wiki.js version: 2.5.159 - Database engine: PostgreSQL 11.5 **Additional context** Add any other context about the problem here.
deekerman commented 2026-02-20 19:04:44 -05:00
Author
Owner
Copy link

@cashewnuts commented on GitHub (Jan 29, 2021):

This problem causes using up the rate limit of Let's encrypt.
If I switch wiki.js server on and off on daily basis, it will end up the error 5 days later.

https://letsencrypt.org/docs/rate-limits/

@cashewnuts commented on GitHub (Jan 29, 2021): This problem causes using up the rate limit of Let's encrypt. If I switch wiki.js server on and off on daily basis, it will end up the error 5 days later. https://letsencrypt.org/docs/rate-limits/
deekerman commented 2026-02-20 19:04:45 -05:00
Author
Owner
Copy link

@PaulKlumpp commented on GitHub (Feb 23, 2021):

I experience the same problem. It will try to update the cert far too often.

@PaulKlumpp commented on GitHub (Feb 23, 2021): I experience the same problem. It will try to update the cert far too often.
deekerman commented 2026-02-20 19:04:45 -05:00
Author
Owner
Copy link

@JetForMe commented on GitHub (May 16, 2021):

Came here to post the same screenshot :)

@JetForMe commented on GitHub (May 16, 2021): Came here to post the same screenshot :)
deekerman commented 2026-02-20 19:04:45 -05:00
Author
Owner
Copy link

@dazzag24 commented on GitHub (Jun 7, 2021):

Same behavior here. Just upgraded to wiki.js version 2.5.201 and I still see the issue.
image

@dazzag24 commented on GitHub (Jun 7, 2021): Same behavior here. Just upgraded to wiki.js version 2.5.201 and I still see the issue. ![image](https://user-images.githubusercontent.com/1055831/121004793-ff6fe380-c786-11eb-835c-1e52dc0b965a.png)
deekerman commented 2026-02-20 19:04:45 -05:00
Author
Owner
Copy link

@rogersgt commented on GitHub (Sep 23, 2021):

@NGPixel Is there any update on this? My company's wiki site is completely down due to this, I believe. The error logs are spitting out the letsencrypt throttling error. The strange part is I haven't tried to restart the server until it was unreachable (after the throttling limit was reached). Is there at least a workaround for this?
Screen Shot 2021-09-23 at 3 49 01 PM

What I believe is happening...

  • Wiki.js thinks that the cert is expired when it's not
  • The server probably checks this on startup (?)
  • The server attempts to renew the certificate, and letsencrypt returns the 429
  • The UI is not able to load up because the server errors out

I have the following settings enabled:

  • SSL
  • SSL auto re-renew
  • HTTP -> HTTPS redirect

The server worked really well for a month, and then this. I'm unable to reach the UI via HTTP or HTTPS. I can access the database, but I'm not really sure what I should be trying to do in order to reset/get around this. Any help would be appreciated

@rogersgt commented on GitHub (Sep 23, 2021): @NGPixel Is there any update on this? My company's wiki site is completely down due to this, I believe. The error logs are spitting out the `letsencrypt` throttling error. The strange part is I haven't tried to restart the server until it was unreachable (after the throttling limit was reached). Is there at least a workaround for this? <img width="1125" alt="Screen Shot 2021-09-23 at 3 49 01 PM" src="https://user-images.githubusercontent.com/14983357/134574361-002357b5-6234-4c60-9386-824c4e22c58b.png"> What I believe is happening... * Wiki.js thinks that the cert is expired when it's not * The server probably checks this on startup (?) * The server attempts to renew the certificate, and letsencrypt returns the 429 * The UI is not able to load up because the server errors out I have the following settings enabled: * SSL * SSL auto re-renew * HTTP -> HTTPS redirect The server worked really well for a month, and then this. I'm unable to reach the UI via HTTP or HTTPS. I can access the database, but I'm not really sure what I should be trying to do in order to reset/get around this. Any help would be appreciated ✊
deekerman commented 2026-02-20 19:04:45 -05:00
Author
Owner
Copy link

@NGPixel commented on GitHub (Sep 23, 2021):

@rogersgt A simple restart of Wiki.js will trigger a certificate renewal. However it seems you exceeded the API limit so that won't work. I suggest disabling HTTPS for now (see https://docs.requarks.io/troubleshooting#how-to-manually-disable-https-ssl-redirection) and consider using a reverse proxy like Cloudflare or put an nginx instance in front.

@NGPixel commented on GitHub (Sep 23, 2021): @rogersgt A simple restart of Wiki.js will trigger a certificate renewal. However it seems you exceeded the API limit so that won't work. I suggest disabling HTTPS for now (see https://docs.requarks.io/troubleshooting#how-to-manually-disable-https-ssl-redirection) and consider using a reverse proxy like Cloudflare or put an nginx instance in front.
deekerman commented 2026-02-20 19:04:45 -05:00
Author
Owner
Copy link

@biji commented on GitHub (Oct 24, 2021):

for temporary solution, you can edit letsencrypt.payload.expires in table settings

@biji commented on GitHub (Oct 24, 2021): for temporary solution, you can edit `letsencrypt.payload.expires` in table `settings`
deekerman commented 2026-02-20 19:04:45 -05:00
Author
Owner
Copy link

@snarum commented on GitHub (Nov 17, 2021):

Doen anyone know when the certificate is actually attempted renewed? to me it looks like the code is either run when the server is started, or when the Renew button is clicked in the gui. But I can't find any code that would run the certificate check regularly.

Right now my SSL page says the certificate is expired yesterday, and letsdebug.org says there is no renewal requests.

@snarum commented on GitHub (Nov 17, 2021): Doen anyone know when the certificate is actually attempted renewed? to me it looks like the code is either run when the server is started, or when the Renew button is clicked in the gui. But I can't find any code that would run the certificate check regularly. Right now my SSL page says the certificate is expired yesterday, and letsdebug.org says there is no renewal requests.
deekerman commented 2026-02-20 19:04:45 -05:00
Author
Owner
Copy link

@NGPixel commented on GitHub (Nov 18, 2021):

@snarum That's correct. There's no automatic renewal at the moment and yes, it needs to be added.

@NGPixel commented on GitHub (Nov 18, 2021): @snarum That's correct. There's no automatic renewal at the moment and yes, it needs to be added.
deekerman commented 2026-02-20 19:04:46 -05:00
Author
Owner
Copy link

@jonystorm commented on GitHub (Feb 17, 2022):

Hi all! I have a problem directly related to this one, I'm using versión 2.5.275, and got the email from let's encrypt my current cert only has a few days left, I have the "Renew certificate" button on the SSL admin section but the request triggered from clicking it returns an error of "Empty response", any suggestions? or anyone else having this issue?

@jonystorm commented on GitHub (Feb 17, 2022): Hi all! I have a problem directly related to this one, I'm using versión 2.5.275, and got the email from let's encrypt my current cert only has a few days left, I have the "Renew certificate" button on the SSL admin section but the request triggered from clicking it returns an error of "Empty response", any suggestions? or anyone else having this issue?
deekerman commented 2026-02-20 19:04:46 -05:00
Author
Owner
Copy link

@scott-dunt commented on GitHub (Feb 17, 2022):

Suggest you restart your docker containers.. I hit that error before and restarting the containers cleared it up.

@scott-dunt commented on GitHub (Feb 17, 2022): Suggest you restart your docker containers.. I hit that error before and restarting the containers cleared it up.
deekerman commented 2026-02-20 19:04:46 -05:00
Author
Owner
Copy link

@FiretronP75 commented on GitHub (Aug 29, 2023):

I confirm this is still a problem. For me it seems to be showing the issued date rather than the expiration date.

@FiretronP75 commented on GitHub (Aug 29, 2023): I confirm this is still a problem. For me it seems to be showing the issued date rather than the expiration date.
deekerman commented 2026-02-20 19:04:46 -05:00
Author
Owner
Copy link

@charlezkwan commented on GitHub (Nov 13, 2023):

@NGPixel , any update on automatic renewal certificate feature?

@charlezkwan commented on GitHub (Nov 13, 2023): @NGPixel , any update on automatic renewal certificate feature?
deekerman commented 2026-02-20 19:04:46 -05:00
Author
Owner
Copy link

@miller-coffee commented on GitHub (Jan 25, 2024):

I can confirm this is still a problem with Wiki.js 2.5.300

@miller-coffee commented on GitHub (Jan 25, 2024): I can confirm this is still a problem with Wiki.js 2.5.300
deekerman commented 2026-02-20 19:04:46 -05:00
Author
Owner
Copy link

@integrity-develop commented on GitHub (Mar 1, 2024):

I can confirm this issue is still present in Wiki.js 2.5.301. Will this issue cause SSL requests to begin failing when the displayed date has passed? This is the first SSL I have issued for my Wiki.js deployment and I can't quite tell if this is just an issue with what is displayed in the interface or if it is an actual configuration problem that is going to manifest as failed requests. The newly issued SSL certificates display as fine in a browser. Appreciate any information someone can give me on this, and will be investigating nginx implementation in the meantime.

@integrity-develop commented on GitHub (Mar 1, 2024): I can confirm this issue is still present in Wiki.js 2.5.301. Will this issue cause SSL requests to begin failing when the displayed date has passed? This is the first SSL I have issued for my Wiki.js deployment and I can't quite tell if this is just an issue with what is displayed in the interface or if it is an actual configuration problem that is going to manifest as failed requests. The newly issued SSL certificates display as fine in a browser. Appreciate any information someone can give me on this, and will be investigating nginx implementation in the meantime.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
scarlett
vega
feat-toc
v2.5.312
v2.5.311
v2.5.310
v2.5.309
v2.5.308
v2.5.307
v2.5.306
v2.5.305
v2.5.304
v2.5.303
v2.5.302
v2.5.301
v2.5.300
v2.5.299
v2.5.298
v2.5.297
v2.5.296
v2.5.295
v2.5.294
v2.5.293
v2.5.292
v2.5.291
v2.5.290
v2.5.289
v2.5.288
v2.5.287
v2.5.286
v2.5.285
v2.5.284
v2.5.283
v2.5.282
v2.5.281
v2.5.280
v2.5.279
v2.5.278
v2.5.277
v2.5.276
v2.5.275
2.5.274
2.5.272
2.5.268
2.5.264
2.5.260
2.5.255
2.5.254
2.5.219
2.5.214
2.5.201
2.5.197
2.5.191
2.5.170
2.5.159
2.5.144
2.5.136
2.5.132
2.5.126
2.5.121
2.5.117
2.5.105
2.4.107
2.4.105
2.4.75
2.3.81
2.3.77
2.3.72
2.3.71
2.2.51
2.2.50
2.1.113
2.0.12
2.0.1
2.0.0-rc.17
2.0.0-rc.1
2.0.0-beta.303
2.0.0-beta.275
2.0.0-beta.268
2.0.0-beta.267
2.0.0-beta.241
2.0.0-beta.230
2.0.0-beta.208
2.0.0-beta.203
2.0.0-beta.180
2.0.0-beta.174
2.0.0-beta.148
2.0.0-beta.147
2.0.0-beta.115
2.0.0-beta.91
2.0.0-beta.84
2.0.0-beta.68
2.0.0-beta.42
2.0.0-beta.11
v1.0.102
v1.0.78
v1.0.76
v1.0.68
v1.0.66
v1.0.12
v1.0.11
v1.0.10
v1.0.9
v1.0.8
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.1
v1.0.0-beta.13
v1.0.0-beta.12
v1.0.0-beta.11
v1.0.0-beta.10
v1.0.0-beta.9
v1.0.0-beta.8
v1.0.0-beta.7
v1.0.0-beta.6
v1.0-beta.5
v1.0-beta.4
v1.0-beta.3
v1.0-beta.2
v1.0-beta.1
v1.0-alpha.7
v1.0-alpha.6
v1.0-alpha.5
v1.0-alpha.4
v1.0-alpha.3
v1.0-alpha.2
v1.0-alpha.1
Labels
Clear labels   
BETA

   
BETA

   
accessibility

   
backlog

   
bug

   
can't replicate

   
contrib-easy

   
contrib-hard

   
contrib-medium

   
deferred

   
documentation

   
duplicate

   
duplicate

   
editors

   
enhancement

   
invalid

   
localization

   
migrate

   
ui

   
under review

   
v3
No labels
BETA
BETA
accessibility
backlog
bug
can't replicate
contrib-easy
contrib-hard
contrib-medium
deferred
documentation
duplicate
duplicate
editors
enhancement
invalid
localization
migrate
ui
under review
v3
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/wiki-requarks#2425
No description provided.