Problem with site certificates

You’re right. They should just turn out the light and file for bankruptcy. Makes perfect sense.

There’s no need to take a sarcastic attitude.

Why? It’s a good match for your attitude…

For a fresh example:

It’s a massive job to monitor all certs in businesses today. That’s just objective reality.

That may be, but is it a massive job for any one company to keep track of its own certificates?

BTW, I changed the thread title to something less provocative.

This thread was split off from another thread, so I didn’t have anything to do with the title.

To the @moderator who split it off - totally uncalled for title.

It’s not easy and it is not hard. But it is a process that makes it easy for renewals to fall through the cracks. You can bet that Roon will adopt some new procedures or at the very least do a better job of following the ones currently in place. Again, it’s not the end of the world.

My point.

No one is referencing the end of the world, except you.

Ask anyone who works in Ops. Yes. its a massive job.

That was me, the title was a copy/past from the first line in your post …

I could argue it was a totally uncalled for first line of post, also you hijacked someone’s support topic and that why it was split out.

1 Like

The problem is that by splitting it out and titling it as you did, it was (unintentionally) made to seem much more cutting than it originally was when it was just one simple comment in reply to your post that the certificate problem was fixed.

Still don’t understand how re-certification fell thru the cracks. That’s what task lists and calendars are for, but not worth any more back and forth.

This I agree with and iirc it’s not the first time this has happened.

1 Like

Some things happen and are unavoidable. When they do, you fix them and apologize. However, something such as an expired certificate should never happen. How hard is it mark this on a calendar and assign a couple people to make sure it gets updated? I have the same reaction when people complain about Roon requiring a credit card for a trial. They say they might “forget” to cancel in time. No excuse for “forgetting.” Go buy yourself a pencil and paper if necessary.

Looks like they are using free Let’s Encrypt certificates. Let’s Encrypt certificates expire after just a few months. But, they have utilities to keep them automatically updated/refreshed. I guess, though, like most software including roon, it doesn’t work 100% reliably. Maybe 99.99% of the time, but pretty bad timing for the .01% sometimes.

Automatic certificate renewal using certbot is trivial, and any post-processing easily accomplishing in a simple bash script scheduled via cron. I’d be extremely surprised if this isn’t already in place.

As to monitoring, this is also relatively trivial to implement (eg Nagios), eg if the certificate expires within X days.

But, as many have remarked, sh#t happens, and I have screwed this one up in my career.

Letsencrypt certificates are valid for 3 months. However, Letsencrypt will start emailing you if there’s 1 month validity remaining without having received a renewal request. So even if certbot (or other software) is for some reason failing, you’ll get a heads up.

1 Like

@SKBubba, @Nepherte - all you say is probably true. Which makes it more inexplicable that Roon should let a certificate expire, particularly when their users and the business depend(s) on access.

Long ago, I knew someone who was a Golden Gloves boxer. He once told me that the most humiliating thing that can happen to a boxer is for his opponent to knock out his mouthpiece.

Certificate renewals for Let’s Encrypt usually happen in an automated way. Nobody is going to put this stuff on a calendar anymore. During those 3 months, something probably changed and broke the automatic update. It can happen once, but if it happens more than once, well… That’s kinda sad.

At least the third time in the past twelve months.