Do I need to renew my certificate?

I got an email from the forum about the need to[Renew Buypass ACME (Go SSL) certificates - Urgent, immediate action required: Renew Buypass ACME (Go SSL) certificates.

I setup Swag as a docker under unraid using Letsencrypt (?) a long time ago. A true set and forget - working beautifully. I could go back and figure all of it out again but thought I would ask here. I got this notification presumably (?) because it impacts me? Is my SWAG installation likely to be using a Buypass ACME (Go SSL) certificate? How do I check if it might be. And how do I renew if this is the case?

Thanks.

You should've really answered the questionnaire. There's no way we can answer this without your domain names.

I mentioned that I did this as part of a step by step how to so have no idea how to answer most of these questions and have looked through the forum for more information on how to answer them. It's my understanding that this installation auto-renews the certificate but I don't know if this email preempts that in any way.

Anyway, here goes....

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
I didn't run any command. My setup is working. I am responding because I got an email out of the blue that said " Urgent, immediate action required: Renew Buypass ACME (Go SSL) certificates " and I have no idea if this impacts me. I assume it does as why would I have received the email when I wasn't even signed up for the forum that it came from?
It produced this output:
No output - see previous response.
My web server is (include version):
Not sure. I am using swag docker under unraid. I think it uses the unraid built in server to service the requests but for all I know swag might have a built in web server as well? Unraid version 6.12.3.
The operating system my web server runs on is (include version):
Unraid version 6.12.3.
My hosting provider, if applicable, is:
n/a
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

I see this in the logs from SWAG:
text error warn system array login

https://www.linuxserver.io/donate/

───────────────────────────────────────
GID/UID
───────────────────────────────────────

User UID: 99
User GID: 100
───────────────────────────────────────

using keys found in /config/keys
Variables set:
PUID=99
PGID=100
TZ=America/New_York
URL=themasons.net
SUBDOMAINS=frigate
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
VALIDATION=http
CERTPROVIDER=
DNSPLUGIN=cloudflare
EMAIL=simon@themasons.net
STAGING=false

Using Let's Encrypt as the cert provider
SUBDOMAINS entered, processing
Sub-domains processed are: frigate.themasons.net
E-mail address entered: simon@themasons.net
http validation is selected
Certificate exists; parameters unchanged; starting nginx
The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am).
[custom-init] No custom files found, skipping...
[ls.io-init] done.
Server ready
[migrations] started
[migrations] 01-nginx-site-confs-default: skipped
[migrations] done
usermod: no changes
───────────────────────────────────────

  ██╗     ███████╗██╗ ██████╗ 
  ██║     ██╔════╝██║██╔═══██╗
  ██║     ███████╗██║██║   ██║
  ██║     ╚════██║██║██║   ██║
  ███████╗███████║██║╚██████╔╝
  ╚══════╝╚══════╝╚═╝ ╚═════╝ 

Brought to you by linuxserver.io
───────────────────────────────────────

To support the app dev(s) visit:
Certbot: Support EFF's Work on Certbot | Electronic Frontier Foundation

To support LSIO projects visit:
https://www.linuxserver.io/donate/

───────────────────────────────────────
GID/UID
───────────────────────────────────────

User UID: 99
User GID: 100
───────────────────────────────────────

using keys found in /config/keys
Variables set:
PUID=99
PGID=100
TZ=America/New_York
URL=themasons.net
SUBDOMAINS=frigate
EXTRA_DOMAINS=
ONLY_SUBDOMAINS=true
VALIDATION=http
CERTPROVIDER=
DNSPLUGIN=cloudflare
EMAIL=simon@themasons.net
STAGING=false

Using Let's Encrypt as the cert provider
SUBDOMAINS entered, processing
Sub-domains processed are: frigate.themasons.net
E-mail address entered: simon@themasons.net
http validation is selected
Certificate exists; parameters unchanged; starting nginx
The cert does not expire within the next day. Letting the cron script handle the renewal attempts overnight (2:08am).
[custom-init] No custom files found, skipping...
[ls.io-init] done.
Server ready

You will have to ask Buypass about that email. I would take care that you contact them directly to ensure it is not a spam email.

Let's Encrypt and Buypass are both Certificate Authorities but completely different organizations. We can't possibly know why they sent you that email.

Got it. Buypass is a different entity. The email I got was a notification from this forum of the thread u referenced above. I was not previously joined to this forum and had to join to respond in the thread.

So I didn’t get an email from buypass and now I realize that the email was really a notification of the thread. Again - don’t know how I got the notification but will leave it at that. Thanks.

That is really strange. I don't know how this forum could know your email address if you never signed up here.

This forum allows you to set a monitoring status for its different categories. So, someone could set a "Watch" level for the "Issuance Policy" category to get notified of each new post. Could someone signed up on your behalf. That category sometimes gets many posts which you would have seen too so not just this Buypass notice. You can see that whole category below. Hmm, a real puzzler.

It looks like you have nothing to worry about, your certificates are from Let's Encrypt:

At least not for those two names. The origin of the Buypass related email is unclear so I wonder if they have other systems or names not shown here.

I am convinced they had another account on this forum and they just forgot about it.

That sounds as the most likely cause I think so too.

However the presently being served certificate SSL Checker

Hostname:	 Doesn't match Common Name or/and SANs

Common Name:	themasons.synology.me
SANs:			DNS:themasons.synology.me
				Total number of SANs: 1

And also shown here SSL Server Test: themasons.net (Powered by Qualys SSL Labs)

I am clueless as to how I had an account on this forum in the past but it wouldn't be the first time I forgot about a forum password. My synology is running a web server and is using a different certificate issued by them. But the Unraid server is definitely using LetsEncrypt so I think the whole Buypass thing is just a red herring

And frigate.themasons.net is also serving
https://decoder.link/sslchecker/frigate.themasons.net/443

Hostname:	 Doesn't match Common Name or/and SANs

Common Name:	themasons.synology.me
SANs:			DNS:themasons.synology.me
				Total number of SANs: 1

Also shown here SSL Server Test: frigate.themasons.net (Powered by Qualys SSL Labs)

Honestly I set up both web servers to serve SSL pictures to my internal HA system. I use Chrome browsers in kiosk mode on touchscreens throughout the house and they were not playing nicely when I fed them https: images due to security controls in Chrome. So I needed to have https web servers to display things like camera feeds, album cover art, etc.

I installed a web server on my synology NAS a long time ago and used some certificate service they were offering. Then recently I am moving everything to Unraid and setup SWAG. I am not serving the images outside of my home lan so don't care about certificate errors, etc. Only that I can access https:// web addresses.

I don't have the foggiest idea how https works - my background is all on the home automation programming side. So I follow step by step how-tos to get this done and move on. It is on my list to learn about this at some point.

If you have any pointers I should follow to improve my setup please feel free to offer advice. Thanks.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.