[GH-ISSUE #163] Troubleshoot/reset autocert #63

Closed
opened 2026-03-13 15:36:17 +03:00 by kerem · 1 comment
Owner

Originally created by @ArrowCase on GitHub (May 3, 2019).
Original GitHub issue: https://github.com/acme-dns/acme-dns/issues/163

I recently set up an acme-dns server instance, and it was horribly misconfigured the first several times I ran it. In particular, I enabled TLS with letsencrypt before the server was reachable from the outside, so there's no way the autocert process could have succeeded. However, there are no errors in the log regarding this.

Now that the server is accessible from the outside via the domain I have configured for autocert, TLS connections are failing, likewise with no errors. When I disable TLS and have the API listen on another port like 8080 instead, everything is working. So I can be reasonably sure the only issue is with the TLS config, but I have no idea what state it's in.

How can I troubleshoot this, or "factory reset" the TLS configuration so I can try again with autocert?

kerem closed this issue and added the question label on 2026-03-13 15:36:17 +03:00.

@joohoi commented on GitHub (May 5, 2019):

Hi! The configuration option:

```
# only used if tls = "letsencrypt"
acme_cache_dir = "api-certs"
```

is used to define the x509 key material storage path. Changing that value or emptying the directory should help you.

That said, I'll look into adding more verbose logging for autocert (if possible) or more likely replacing it completely with certmagic (https://github.com/mholt/certmagic/).
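
An added example, not part of the thread and not acme-dns code: a small Go program that reports what each file in the `acme_cache_dir` directory contains, so the cache state is known before the directory is emptied. It assumes the cache layout of `golang.org/x/crypto/acme/autocert`'s `DirCache` (a PEM private key followed by the certificate chain, leaf first); the `Status` function and its messages are hypothetical names chosen for this example.

```go
package main

import (
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"os"
	"path/filepath"
	"strings"
	"time"
)

// Status classifies one cache file. Assumed layout (autocert's DirCache):
// a PEM private key block followed by the certificate chain, leaf first.
func Status(path string, now time.Time) string {
	data, err := os.ReadFile(path)
	if err != nil {
		return "unreadable"
	}
	hasKey := false
	for b, rest := pem.Decode(data); b != nil; b, rest = pem.Decode(rest) {
		if b.Type != "CERTIFICATE" {
			hasKey = hasKey || strings.HasSuffix(b.Type, "PRIVATE KEY")
			continue
		}
		leaf, err := x509.ParseCertificate(b.Bytes) // first certificate is the leaf
		switch {
		case err != nil:
			return "corrupt certificate"
		case !hasKey:
			return "certificate without private key"
		case now.Before(leaf.NotBefore) || now.After(leaf.NotAfter):
			return "outside validity window, notAfter " + leaf.NotAfter.Format(time.RFC3339)
		}
		return fmt.Sprintf("valid for %v until %s", leaf.DNSNames, leaf.NotAfter.Format(time.RFC3339))
	}
	if hasKey {
		return "private key only, no certificate"
	}
	return "no PEM data"
}

func main() {
	dir := "api-certs" // acme_cache_dir value shown on the page
	files, _ := filepath.Glob(filepath.Join(dir, "*")) // only fails on a bad pattern
	fmt.Printf("%d entries in %s\n", len(files), dir)
	for _, p := range files {
		fmt.Printf("%-28s %s\n", filepath.Base(p), Status(p, time.Now()))
	}
}
```

The files hold private keys, so run this as the user that owns the cache directory rather than loosening its permissions.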
