Category: Deployment
Resource links
Updated

Unable to Renew Appsmith's Expired SSL Certificate Because of Blocked Ports

Issue

The instance is down and when trying to access it, it redirects to /license and then throws the following errors: Cannot read properties of undefined (reading "responseMeta") and There was an unexpected error.

When running curl <appsmith_custom_domain>, the following error is returned: 

curl : The underlying connection was closed: 
Could not establish trust relationship for the SSL/TLS secure channel.

This suggests that the SSL certificate is expired or not valid. 

Resolution

The Let's Encrypt certificate expires every 90 days. For it to renew automatically, it is necessary to have port 80 and port 443 open. If these ports were blocked preventing the certificate renewal, follow the below steps, depending on the Appsmith version you are using because starting with version v1.9.51, we introduced Caddy.

 

Appsmith Version >= v1.9.51

If you are on version v1.9.51 or above, please follow the below steps to renew the SSL certificate.

  1. Open ports 80 and 443.
  2. Restart Appsmith.
  3. Close the port 80/443 after the certificate is renewed if you don't want to expose the instance to the internet.

     

Appsmith Version < v1.9.51

If you are running an Appsmith version older than v1.9.51, please follow the below steps to manually renew the SSL certificate:

  1. Open ports 80 and 443.
  2. Run the following command where you have installed Appsmith (the directory that contains the docker-compose.yml file):
    sudo docker-compose exec appsmith /opt/appsmith/renew-certificate.sh
  3. Close the port 80/443 after the certificate is renewed if you don't want to expose the instance to the internet.

     

For a permanent fix, use a load balancer to solve the issue of doing these steps manually every 90 days.