Yes, I've regenerated it several times without any success. It doesn't accept any key I use.

My best guess is that the environment variable isn't setting or accessible for some reason.

    gregtwallace hmm well that really stinks, I've spent a good amount of time getting the server set up and I'm 90% of the way finished with the client, but I cannot get this key to work. Can you give me any other ideas what I might be doing incorrectly?

    example docker compose:

    certwardenclient:
      image: ghcr.io/gregtwallace/certwarden-client:latest
      container_name: certwardenclient
      networks:
        - docker_network
      ports:
        - "5055:5055"
      volumes:
        #- /var/run/docker.sock:/var/run/docker.sock
        - $CERTPATH:/opt/certwarden/certs
      environment:
        - TZ=$TZ
        - PUID=$PUID
        - PGID=$PGID
        - CW_CLIENT_FILE_UPDATE_TIME_START='04:30'
        - CW_CLIENT_FILE_UPDATE_TIME_END='05:45'
        - CW_CLIENT_FILE_UPDATE_DAYS_OF_WEEK='Mon Wed Thu'
        #- CW_CLIENT_RESTART_DOCKER_CONTAINER0='cert_using_app'
        - CW_CLIENT_AES_KEY_BASE64='QJJBfCeyQ6JnlbZQS8Us0GFQN06nUGfHfMjNZnZXYfc'
        - CW_CLIENT_SERVER_ADDRESS=$CERTWARDENADDRESS
        - CW_CLIENT_KEY_NAME=$DOMAINNAME2
        - CW_CLIENT_KEY_APIKEY='<key here>'
        - CW_CLIENT_CERT_NAME=$DOMAINNAME2
        - CW_CLIENT_CERT_APIKEY='<key here>'

    I'll update the error message to log the invalid key and we'll see what that yields. I'll try to work on it tomorrow or Thursday night.

    So I've made a bit of progress on this. I've fixed the issue by adding this line:

    env_file: certwarden.env

    Inside my file, I have listed:

    CW_CLIENT_AES_KEY_BASE64='QJJBfCeyQ6JnlbZQS8Us0GFQN06nUGfHfMjNZnZXYfc'

    This allows the cert to run and properly pull a cert. However, I'm now facing a separate problem. I cannot figure out how to properly configure the client and server to pull down a new certificate once it's updated.

    The client pulls the cert on a "fresh" start. But when the server updates, it complains that it cannot connect to the client:

    11/20/2024, 3:17:30 PM, error, orders/post_process_do_client.go:104, orders: post processing worker 2: order 3: notify client failed: failed to post to client (Post "https://domain.com:5055/certwardenclient/api/v1/install": context deadline exceeded (Client.Timeout exceeded while awaiting headers)) (cert: 1, cn: domain.com)

    I don't understand why the server is trying to connect to the client on https://domain.com ?

    The guide says the client needs to be configured on CW_CLIENT_SERVER_ADDRESS (CLIENT ---> SERVER) but where is the connection in the opposite direction specified? I see there is an optional ENV variable called "CW_CLIENT_BIND_ADDRESS", but I cannot get the client to start up using anything for this value.

    Error:
    2024-11-20T15:30:20.973-0600 info main/config.go:148 starting Cert Warden Client v0.3.1
    2024-11-20T15:30:20.974-0600 info main/config.go:258 new key/cert files will be permitted to write on Sunday Monday Tuesday Wednesday Thursday Friday Saturday between 03:00 and 05:00
    2024-11-20T15:30:21.056-0600 info main/update_common.go:198 running key/cert update of client's cert
    2024-11-20T15:30:21.057-0600 info main/update_common.go:208 new tls key/cert installed in https server
    2024-11-20T15:30:21.057-0600 info main/update_common.go:185 key/cert file(s) write: not performed, but a write is needed
    2024-11-20T15:30:21.058-0600 info main/https_server.go:33 starting https server bound to 192.168.1.109:5055
    2024-11-20T15:30:21.058-0600 info main/update_schedule.go:117 scheduling write certs job for 2024-11-21 03:00:37 -0600 CST
    2024-11-20T15:30:21.058-0600 fatal main/main.go:53 could not start https server (%s)

      peanutlasko and for clarity, it's not actually "domain.com", it's MY personal domain, I've just hidden this for obvious security reasons.
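
The two setups in the thread above differ in one way that matters for a base64 key: in the list form of `environment:`, Compose passes the single quotes in `KEY='value'` through as part of the value, while quotes around a value in an `env_file` are stripped (Compose v2). The Go check below is an added example, not Cert Warden's code; `CheckAESKey`, the accepted alphabets and the sample key are assumptions, since the client's own decoding rules are not shown in the thread.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"os"
	"strings"
)

// ErrQuoted means the value itself begins and ends with a quote character.
var ErrQuoted = errors.New("value is wrapped in literal quote characters")

// CheckAESKey reports how many key bytes raw decodes to and under which
// base64 alphabet. Only AES key sizes (16, 24 or 32 bytes) are accepted.
func CheckAESKey(raw string) (int, string, error) {
	if len(raw) >= 2 && strings.ContainsRune(`'"`, rune(raw[0])) && raw[len(raw)-1] == raw[0] {
		return 0, "", ErrQuoted
	}
	encodings := []struct {
		name string
		enc  *base64.Encoding
	}{
		{"std", base64.StdEncoding}, {"raw-std", base64.RawStdEncoding},
		{"url", base64.URLEncoding}, {"raw-url", base64.RawURLEncoding},
	}
	for _, e := range encodings {
		key, err := e.enc.DecodeString(raw)
		if err != nil {
			continue // wrong alphabet or padding, try the next one
		}
		switch len(key) {
		case 16, 24, 32:
			return len(key), e.name, nil
		}
		return len(key), e.name, fmt.Errorf("decoded to %d bytes, not an AES key size", len(key))
	}
	return 0, "", errors.New("not valid base64 in any standard alphabet")
}

func main() {
	sample := strings.Repeat("A", 43) // constructed key: 32 zero bytes, unpadded
	// Third entry is whatever the process actually received; it is never printed.
	for _, v := range []string{sample, "'" + sample + "'", os.Getenv("CW_CLIENT_AES_KEY_BASE64")} {
		n, enc, err := CheckAESKey(v)
		fmt.Println(n, enc, err)
	}
}
```

Run it inside the container (or with the same environment) so it sees the variable exactly as the client process does.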

      6 days later
      4 months later

      Very nice app! I am running the direct install version of certwarden and so far it has worked very well. The problem I am having is with the certwarden client. I cannot get it a single certificate no matter how I configure it so I use curl to retrieve my certificates from certwarden. It seems like I'm doing this the hard way but when I pull a certificate using curl it works every time. It is a bit of a slog to write a reliable crontab script and I have not been successful pulling certificates on time but it works. This is just a home network/lab and nothing critical. I use your documented docker run command and the only changes I make are to the certificate and key names and tokens. Again, no problems using curl. I just wish I could change the result in some small way but I cannot find any environment variable that seems to matter other than complete failure of the client. I am wondering if perhaps you could suggest something that I might change other than the certificate names and API keys (which I've regenerated several times) that might make a difference. If not, I will stick with the curl command and a crontab script. As I mentioned, my docker command is exactly as your documentation shows in the example. While I know from experience this is not the most reliable way to get a working baseline configuration but there does not seem to be a single parameter in the GitHub certwarden client pages that seems to matter. I've even converted your docker run command to a docker compose yaml and I get the exact same result so it must be something I'm doing but I'm at a loss to figure what that 'something' might be. The configuration shown earlier in this particular thread is very similar to what I'm using so I think I'm in the right discussion. Thanks for any assistance.

      Never mind! I found the problem; it is in the cockpit. Sorry about bringing this to the forum. The client is working just fine now that Captain Obvious noticed a glaring typo.

        4 days later
