Yes, I've regenerated it several times without any success. It doesn't accept any key I use.
configuration of CertWarden Client
My best guess is that the environment variable isn't being set or isn't accessible for some reason.
gregtwallace hmm, well that really stinks. I've spent a good amount of time getting the server set up and I'm 90% of the way finished with the client, but I cannot get this key to work. Can you give me any other ideas what I might be doing incorrectly?
example docker compose:
  certwardenclient:
    image: ghcr.io/gregtwallace/certwarden-client:latest
    container_name: certwardenclient
    networks:
      - docker_network
    ports:
      - "5055:5055"
    volumes:
      #- /var/run/docker.sock:/var/run/docker.sock
      - $CERTPATH:/opt/certwarden/certs
    environment:
      - TZ=$TZ
      - PUID=$PUID
      - PGID=$PGID
      - CW_CLIENT_FILE_UPDATE_TIME_START='04:30'
      - CW_CLIENT_FILE_UPDATE_TIME_END='05:45'
      - CW_CLIENT_FILE_UPDATE_DAYS_OF_WEEK='Mon Wed Thu'
      #- CW_CLIENT_RESTART_DOCKER_CONTAINER0='cert_using_app'
      - CW_CLIENT_AES_KEY_BASE64='QJJBfCeyQ6JnlbZQS8Us0GFQN06nUGfHfMjNZnZXYfc'
      - CW_CLIENT_SERVER_ADDRESS=$CERTWARDENADDRESS
      - CW_CLIENT_KEY_NAME=$DOMAINNAME2
      - CW_CLIENT_KEY_APIKEY='<key here>'
      - CW_CLIENT_CERT_NAME=$DOMAINNAME2
      - CW_CLIENT_CERT_APIKEY='<key here>'
I'll update the error message to log the invalid key and we'll see what that yields. I'll try to work on it tomorrow or Thursday night.
So I've made a bit of progress on this. I've fixed the issue by adding this line:
env_file: certwarden.env
Inside my file, I have listed:
CW_CLIENT_AES_KEY_BASE64='QJJBfCeyQ6JnlbZQS8Us0GFQN06nUGfHfMjNZnZXYfc'
This allows the cert to run and properly pull a cert. However, I'm now facing a separate problem. I cannot figure out how to properly configure the client and server to pull down a new certificate once it's updated.
The client pulls the cert on a "fresh" start. But when the server updates, it complains that it cannot connect to the client:
11/20/2024, 3:17:30 PM, error, orders/post_process_do_client.go:104, orders: post processing worker 2: order 3: notify client failed: failed to post to client (Post "https://domain.com:5055/certwardenclient/api/v1/install": context deadline exceeded (Client.Timeout exceeded while awaiting headers)) (cert: 1, cn: domain.com)
I don't understand why the server is trying to connect to the client on https://domain.com?
The guide says the client needs to be configured on CW_CLIENT_SERVER_ADDRESS (CLIENT ---> SERVER) but where is the connection in the opposite direction specified? I see there is an optional ENV variable called "CW_CLIENT_BIND_ADDRESS", but I cannot get the client to start up using anything for this value.
Error:
2024-11-20T15:30:20.973-0600 info main/config.go:148 starting Cert Warden Client v0.3.1
2024-11-20T15:30:20.974-0600 info main/config.go:258 new key/cert files will be permitted to write on Sunday Monday Tuesday Wednesday Thursday Friday Saturday between 03:00 and 05:00
2024-11-20T15:30:21.056-0600 info main/update_common.go:198 running key/cert update of client's cert
2024-11-20T15:30:21.057-0600 info main/update_common.go:208 new tls key/cert installed in https server
2024-11-20T15:30:21.057-0600 info main/update_common.go:185 key/cert file(s) write: not performed, but a write is needed
2024-11-20T15:30:21.058-0600 info main/https_server.go:33 starting https server bound to 192.168.1.109:5055
2024-11-20T15:30:21.058-0600 info main/update_schedule.go:117 scheduling write certs job for 2024-11-21 03:00:37 -0600 CST
2024-11-20T15:30:21.058-0600 fatal main/main.go:53 could not start https server (%s)
peanutlasko and for clarity, it's not actually "domain.com", it's MY personal domain; I've just hidden this for obvious security reasons.
Solved, but also: https://github.com/gregtwallace/certwarden/issues/67
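The env_file fix above works because the two ways of passing CW_CLIENT_AES_KEY_BASE64 treat quotes differently. The following is an added illustration, not code from the thread or from the certwarden project: it models how a `- KEY='value'` item under `environment:` keeps its quotes (it is a plain YAML scalar) while an env_file line has one pair of surrounding quotes stripped, then checks whether the resulting value is a base64 AES key. The key used is a constructed sample, and the env_file parser is a simplification (no escapes or interpolation).

```python
import base64
import binascii
from typing import Optional, Tuple

# Constructed sample key (not a key from the thread): 32 bytes, base64
# encoded without padding, in the shape CW_CLIENT_AES_KEY_BASE64 expects.
SAMPLE_KEY_B64 = base64.b64encode(bytes(range(32))).decode().rstrip("=")


def env_from_compose_list(entry: str) -> Tuple[str, str]:
    """Value of a `- KEY=value` item under `environment:` in docker compose.

    The item is a YAML plain scalar, so everything after the first '=' is
    passed through literally; surrounding quotes become part of the value.
    """
    key, _, value = entry.partition("=")
    return key.strip(), value


def env_from_env_file(line: str) -> Tuple[str, str]:
    """Value of a KEY=value line in an env_file (simplified parser).

    Compose's env_file parser strips one matching pair of surrounding
    single or double quotes, which is why the env_file variant worked.
    """
    key, _, value = line.partition("=")
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
        value = value[1:-1]
    return key.strip(), value


def check_aes_key(value: str) -> Optional[str]:
    """Return an error message if value is not a base64 AES key, else None."""
    padded = value + "=" * (-len(value) % 4)  # accept unpadded base64
    try:
        raw = base64.b64decode(padded, validate=True)
    except (binascii.Error, ValueError) as exc:
        return f"not valid base64: {exc}"
    if len(raw) not in (16, 24, 32):
        return f"decoded to {len(raw)} bytes, expected 16, 24 or 32"
    return None


if __name__ == "__main__":
    quoted = f"CW_CLIENT_AES_KEY_BASE64='{SAMPLE_KEY_B64}'"
    for label, (_, value) in (("environment: list", env_from_compose_list(quoted)),
                              ("env_file", env_from_env_file(quoted))):
        print(f"{label:18} -> {value!r}: {check_aes_key(value) or 'ok'}")
```

The same quoting difference applies to the other quoted `environment:` entries in the compose file above (for example the time window values), so dropping the quotes there, or keeping them only in the env_file, is the safer habit.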
Very nice app! I am running the direct install version of certwarden and so far it has worked very well. The problem I am having is with the certwarden client. I cannot get it a single certificate no matter how I configure it, so I use curl to retrieve my certificates from certwarden. It seems like I'm doing this the hard way, but when I pull a certificate using curl it works every time. It is a bit of a slog to write a reliable crontab script and I have not been successful pulling certificates on time, but it works. This is just a home network/lab and nothing critical. I use your documented docker run command and the only changes I make are to the certificate and key names and tokens. Again, no problems using curl. I just wish I could change the result in some small way, but I cannot find any environment variable that seems to matter other than complete failure of the client. I am wondering if perhaps you could suggest something that I might change other than the certificate names and API keys (which I've regenerated several times) that might make a difference. If not, I will stick with the curl command and a crontab script. As I mentioned, my docker command is exactly as your documentation shows in the example. While I know from experience this is not the most reliable way to get a working baseline configuration, there does not seem to be a single parameter in the GitHub certwarden client pages that seems to matter. I've even converted your docker run command to a docker compose YAML and I get the exact same result, so it must be something I'm doing, but I'm at a loss to figure out what that 'something' might be. The configuration shown earlier in this particular thread is very similar to what I'm using, so I think I'm in the right discussion. Thanks for any assistance.
Never mind! I found the problem; it is in the cockpit. Sorry about bringing this to the forum. The client is working just fine now that Captain Obvious noticed a glaring typo.
fissilemind Great