HTTPS Certificate Renewal - Action Required for update

Hi Community,
We discovered today that field deployments of the odk-x-sync-endpoint with automatic certificate provisioning were failing to get new certificates after the original bootstrap certificates expired. We’ve fixed this issue, but that means that if you’ve deployed a sync endpoint server with automatic https before today, it will need to be updated. You can update to the latest config by following these steps. This does not impact deployments with custom certificates, only those provisioned automatically (a relatively new feature).

  1. Log into the command line of the server (with PuTTY or another SSH client).

  2. Change to the install location with the command `cd /home/sync-endpoint-default-setup`

  3. Load the new repaired deployment configuration with `sudo git pull origin`. This should generate some output but not errors.

  4. Stop the currently running system with `sudo docker stack rm syncldap`. Wait around 30 seconds for this command to complete. You can check it’s complete when no containers are listed by the command `sudo docker ps`.

  5. Start the system again, now with the new repaired configuration, with `sudo docker stack deploy -c docker-compose.yml -c docker-compose-https.yml syncldap`.

  6. (optional) If your certificates have already expired, restart nginx to use the new certificates immediately with the command `sudo docker stop $(sudo docker ps -q --filter "name=syncldap_nginx")`. This command stops the nginx container, which will then be restarted automatically by the docker swarm manager. Otherwise nginx should check for new certificates twice a day automatically.

3 Likes
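Steps 4 and 5 above as a script that polls `docker ps` instead of pausing for a fixed 30 seconds. This is an added example, not part of the original post or the sync-endpoint-default-setup repository; the `DOCKER` and `STACK` variables, the function names, the timeout defaults and the `syncldap_` name filter are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: steps 4-5 with a polling wait instead of a fixed pause.
# DOCKER, STACK, the function names and the defaults are assumptions.
DOCKER="${DOCKER:-sudo docker}"   # left unquoted below so "sudo docker" splits
STACK="${STACK:-syncldap}"

# Print how many running containers belong to the stack.
# Returns 2 if docker itself fails, so an error is never read as "none left".
stack_container_count() {
    local ids
    ids=$($DOCKER ps -q --filter "name=${STACK}_") || return 2
    if [ -z "$ids" ]; then
        echo 0
    else
        printf '%s\n' "$ids" | wc -l | tr -d ' '
    fi
}

# Poll until the stack has no containers; give up after $1 seconds.
# $2 is the polling interval in seconds.
wait_stack_removed() {
    local timeout="${1:-120}" interval="${2:-5}" waited=0 n
    while :; do
        n=$(stack_container_count) || { echo "docker ps failed" >&2; return 2; }
        if [ "$n" -eq 0 ]; then
            return 0
        fi
        if [ "$waited" -ge "$timeout" ]; then
            echo "$n containers still running after ${timeout}s" >&2
            return 1
        fi
        sleep "$interval"
        waited=$((waited + interval))
    done
}

# Remove the stack, wait for it to drain, then deploy with the HTTPS overlay.
# Run from the install directory so the compose files resolve.
redeploy() {
    $DOCKER stack rm "$STACK" || return 1
    wait_stack_removed "$@" || return 1
    $DOCKER stack deploy -c docker-compose.yml -c docker-compose-https.yml "$STACK"
}
```

Call `redeploy` from `/home/sync-endpoint-default-setup` after the `git pull` in step 3; a non-zero exit means the old stack never drained and nothing was redeployed.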

To be specific on timing: this affects servers that were set up using the new interactive https cert process from April 25th, 2020 through July 30th, 2020. If you set up a sync-endpoint server during that time period using the sync-endpoint-default-setup repo, you should perform the above instructions to make sure your https certificate will renew automatically.

1 Like