We discovered today that field deployments of the odk-x-sync-endpoint with automatic certificate provisioning were failing to get new certificates after the original bootstrap certificates expired. We’ve fixed this issue, but that means that if you’ve deployed a sync endpoint server with automatic https before today, that it will need to be updated. You can update to the latest config by following these steps. This does not impact deployments with custom certificates, only those provisioned automatically (a relatively new feature).
Log into the command line of the server (with putty or another SSH client)
Change to the install location with the command
Load the new repaired deployment configuration with
sudo git pull originThis should generate some output but not errors.
Stop the currently running system with
sudo docker stack rm syncldap. Wait around 30 seconds for this command to complete. You can check it’s complete when no containers are listed by the command
sudo docker ps
Start the system again, now with the new repaired configuration with
sudo docker stack deploy -c docker-compose.yml -c docker-compose-https.yml syncldap.
(optional) If your certificates have already expired, restart nginx to use the new certificates immediately with the command
sudo docker stop $(docker ps -q --filter name=syncldap_nginx*)This command stops the nginx container, which will then be restarted automatically by the docker swarm manager. Otherwise nginx should check for new certificates twice a day automatically.