Where is the letsencrypt certificate file acme-prod.json stored?

riper · October 6, 2022, 7:53am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: dinpsykolog.se (landing site in Digital Ocean, services in GCP on 4 subdomains)
I ran this command: -
It produced this output: -
My web server is (include version): -
The operating system my web server runs on is (include version): -
My hosting provider, if applicable, is: GCP
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 0.31.0

This problem is not related to much of the above questions, as I got things to work, but I'm still confused regarding where the cert is stored.

Short background: I'm using Traefik (reverse proxy and load balancer) and hosting it in kubernetes (using docker) in GCP. I have a number of web apps also hosted there using 4 subdomains. Sounds unrelated but I have a landing site (Wordpress) in a Digital Ocean droplet. The related part of the traefik (GCP) config is:
certificatesresolvers.myresolver.acme.dnschallenge=true
certificatesresolvers.myresolver.acme.dnschallenge.provider=digitalocean
certificatesresolvers.myresolver.acme.storage=/ssl/acme/acme-prod.json

My question is: Where is /ssl/acme/acme-prod.json stored?
I don't find it in source code, not in GCP and not in the Digital Ocean (DO) droplet instance.

Good to know: The renewing didn't work until yesterday, when I noticed errors in the GCP logs that it couldn't authenticate to DO, then I created a new token (DO_AUTH_TOKEN) there and updated the corresponding env variable in GCP and domains started renewing correctly. I did ask DO about this already but they didn't know and suggested to ask elsewhere.

Any clues?
Thanks in advance
Magnus

MikeMcQ · October 6, 2022, 5:14pm

Welcome @riper

I am not expert on your config but wanted to respond since no one has yet.

My best guess is that json file is part of your Traefik config. You might want to ask about that on a Traefik forum.

Do you have a problem getting or using Let's Encrypt certs? You did not describe your subdomain names but I see several different certs issued two days ago and many certs issued in last 90 days. You can see that history here

riper · October 6, 2022, 8:03pm

Thanks MikeMcQ,

the path to the file is copied right from our traefik config, but I'm trying to figure out where the file can be found, so that I know in the future in case it needs to be updated. Yes, maybe I need to in a Traefik forum. I had problems getting the LE certs to renew but that is solved since 2 days ago. Now I just want to find out where the darn file is.

Thanks for responding!
Magnus

system · November 5, 2022, 8:03pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.