Meteor-Up fork with free SSL certificates by Let's Encrypt

I took a 2-node meteorhacks:cluster enabled application and copy-pasted bits of my mup.js from the new kadirahq-mup project directly across to your mupx-based mup.json, and it all worked PERFECTLY and was VERY quick to both setup and deploy on Digital Ocean droplets (MongoDb Atlas works just great for a replicaset, I didn’t try to internal dockerized “setupMongo:true” bit)

very very pleased, and noticing that the kadirahq-mup project hasn’t integrated your approach yet, and while I followed the thread a bit on efforts to integrate it, I didn’t see any definitive conclusion, and then when I tried your fork, it all just worked perfectly.

Are there any dangerous things to be aware of ? i’m just happy and can’t believe that I have free SSL and that the deploy was so easy!? Thank you very very much!

generally super happy with the (old and new) mup and mupx, despite my usual docker reservations.
it’s all just declaratively configurable! love it.

*** also, thank you very much for the syntax of how to add subdomains! I was wondering how… and of course, i can’t think of anywhere but your github info page to get info on how to do this easily. consider adding this tidbit! very useful to have www.domain.com as well as domain.com without dns trickery and resultant url differences etc

Hi @tsepelev. My certificate was issued on 2016-10-20 (the date of my post above) and expires on 2017-01-18. You say certificate will be renewed after 30 days so I would expect it to have renewed on 19th or 20th November, but it hasn’t.

Looking at docker logs letsencrypt-companion shows:

2016-11-30 06:50:59,768:INFO:simp_le:1383: Certificates already exist and renewal is not necessary, exiting with status code 1.
Sleep for 3600s

I’ve done a few redeploys over the past 40 days, does that reset the clock or anything? Doing a fresh redeploy and checking the logs shows:

ubuntu@ip-***.***.***.***:~$ docker logs letsencrypt-companion --tail 2000
Sleep for 3600s
2016/11/30 07:58:28 Generated '/app/letsencrypt_service_data' from 3 containers
2016/11/30 07:58:28 Running '/app/update_certs'
2016/11/30 07:58:28 Watching docker events
2016/11/30 07:58:28 Contents of /app/letsencrypt_service_data did not change. Skipping notification '/app/update_certs'
Reloading nginx proxy (using separate container nginx-gen)...
Creating/renewal domain.com certificates... (***.com www.***.com app.***.com)
2016-11-30 07:58:29,090:INFO:simp_le:1383: Certificates already exist and renewal is not necessary, exiting with status code 1.
Sleep for 3600s

Any idea why the certificate hasn’t renewed?

blabla… over past 40 days … blabla

Cert renewed once 30 days left.
In case initial certificate lasts 90 days, you had no chance to observe such condition yet.

A question on this: Is this fork still being maintained, or is it better to switch to the official mup now? Also asking because arunoda left the community recently and this might also affect mup development.

There’s no use asking.
You can switch deployment tool any time and its not bound to your code.

My certificates should have renewed by now, but looking at docker logs letsencrypt-companion shows:

Sleep for 3600s
Creating/renewal virtualinout.com certificates... (virtualinout.com www.virtualinout.com app.virtualinout.com)
2016-12-22 20:03:37,392:INFO:requests.packages.urllib3.connectionpool:756: Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Traceback (most recent call last):
  File "build/bdist.linux-x86_64/egg/simp_le.py", line 1401, in main
    return main_with_exceptions(cli_args)
  File "build/bdist.linux-x86_64/egg/simp_le.py", line 1386, in main_with_exceptions
    persist_new_data(args, existing_data)
  File "build/bdist.linux-x86_64/egg/simp_le.py", line 1282, in persist_new_data
    client = registered_client(args, existing_data.account_key)
  File "build/bdist.linux-x86_64/egg/simp_le.py", line 1224, in registered_client
    client = acme_client.Client(directory=args.server, key=key, net=net)
  File "build/bdist.linux-x86_64/egg/acme/client.py", line 63, in __init__
    self.net.get(directory).json())
  File "build/bdist.linux-x86_64/egg/acme/messages.py", line 169, in from_json
    raise jose.DeserializationError(str(error))
DeserializationError: Deserialization error: Wrong directory fields

Unhandled error has happened, traceback is above

Debugging tips: -v improves output verbosity. Help is available under --help.
Sleep for 3600s

@tsepelev, any ideas? I’m using mupx-letsencrypt@meteor14

Yep, it is the docker-letsencrypt-nginx-proxy companion issue. You can read more here. It’s already fixed for meteor 1.4 version, so you can do npm update -g mupx-letsencrypt@meteor14


Zodern is now owner of meteor-up, is it still a fork?

1 Like