How can I renew Site SSL/TLS certificate via API

luckykenlin · April 19, 2024, 7:28pm

Hi, there

Is there an api I can use to renew site’s SSL?

We have more than hundreds sites hosted by netlify.

Currently, part of site’s SSL are not auto-renew. We need to go dashboard domain management to renew the ssl.

I want to implement this feature to our backoffice So every one can renew it through there.

Thanks.

dig · April 19, 2024, 7:58pm

Better option is to figure out why SSL certificates are not auto-renewing for some sites @luckykenlin.

luckykenlin · April 19, 2024, 9:06pm

I have no idea. I have checked DNS records are all correct, Or I have create CAA record ? it will help renewal process?

dig · April 19, 2024, 9:32pm

I don’t know any domain(s) on which auto-renew has failed so I can’t offer any specifics. Do you see error messages that have resulted from failed SSL renewal?

luckykenlin · April 22, 2024, 7:12pm

Faraday::SSLError: SSL_connect returned=1 errno=0 peeraddr=172.65.32.248:443 state=error: unexpected eof while reading

The error message show like above. I have check all dns are verified.

Updated: I just go to the dashboard and click renew button. after few seconds the SSL renewed.

Because we have hundreds site. any ssl expire notification I can implement before I solve this issue. We can’t check every site manually cause that are many.

dig · April 22, 2024, 9:42pm

That is a Cloudflare IP address. This suggests you are proxying through Cloudflare which is not recommended or supported.

luckykenlin · April 24, 2024, 5:56pm

The domain is nothing related with cloudflare, just hosted by godaddy. Could you explain how you see its proxying through cloudflare?

dig · April 24, 2024, 9:19pm

Which you don’t appear to want to share. If you shared your domain it would enable to provision of more accurate answers rather than guesswork. But if you don’t want to share the domain, that’s fine.

I’ve already explained this.

In the error message you provided (below) there is an IP address.

This IP address is a Cloudflare IP address.

$ whois 172.65.32.248
NetRange:       172.64.0.0 - 172.71.255.255
CIDR:           172.64.0.0/13
NetName:        CLOUDFLARENET
NetHandle:      NET-172-64-0-0-1
Parent:         NET172 (NET-172-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       AS13335
Organization:   Cloudflare, Inc. (CLOUD14)
RegDate:        2015-02-25
Updated:        2021-05-26

So if you are not using Cloudflare directly on the domain it is likely you are using another service that uses Cloudflare’s platform. This in turn is causing the issues you see with SSL provisioning.

This is not the answer. The answer is to ensure the setup you have for your domains works.