Force traefik to reissue certificate

OK so here goes (please backup! - I make no guarantees!)

SSH into the server and run:
sudo nano /var/lib/docker/volumes/wappler-compose_letsencrypt/_data/acme.json

move the cursor to the start of the certificates array and press SELECT while clicking your down arrow to select all the lines below until the end of the array (leave the Certificates key and square brackets out of your selection.
Use CTRL+k to cut the selection
You should be left with:

CTRL+o (letter o) to save (ENTER to confirm)
CTRL+x to exit nano

Next, head over to your Portainer address for the target and follow the 4 steps below

You will see an error for the restart - that is because while the certificates are being renewed, Portainer can't refresh - wait a minute or so and refresh the page. Once the Portainer page reloads successfully, head over to your website and try a clear cache refresh (CTRL+SHIFT+R / CMD+SHIFT+R) and check your certificate expiry - should be 3 months from today

Just to bring @george's suggestions into this post for a single solution:

Great that worked great!

You can also very easy make backup from the acme.json file before starting to edit it with:

cp acme.json acme.bak

After the saving of the acme.json file, when you need to restart you can also you can just go to the docker machine options in Wappler and hit the Apply again to Apply the Traefik options resulting in deploy of just Traefik and restart of it. If you do not want to go the Portainer way.

Does anyone know how to find all the docker machines that require this update, my email looks like this

Hello,

Please immediately renew your TLS certificate(s) that were issued from 
Let's Encrypt using the TLS-ALPN-01 validation method and the following 
ACME registration (account) ID(s):

108509467  167205640  185327010  194841760  231114350  299874670  126746541  126857703 

We've determined that an error made it possible for TLS-ALPN-01 
challenges, completed before today, to not comply with certificate 
issuance requirements. We have remediated this problem and will revoke 
all unexpired certificates that used this validation method at 16:00 UTC 
on 28 January 2022. Please renew your certificates now to ensure an 
uninterrupted experience for your site visitors.

We apologize for any inconvenience this may cause. If you need support 
in the renewal process, please comment on our forum post. Our staff and 
community members are available to help:

Those numbers mean very little to me, so just wondering how we figure out what domains are affected.

Not sure where, but there should be a list of domains that you can control+f to see if your domain is effected.

Not sure if it helps as you might have a ton of domains

https://checkhost.unboundtest.com/

and the list: https://letsencrypt.org/caaproblem/

Yeah, thats kind of the issue, i probably have at least a years worth of them, which could be 50, been a busy year.

EDIT: The 2 links help, thank you

Good problem to have

Although frustrating now.

They recommend using this tool at the end of my second link for people with many domains: https://github.com/hannob/lecaa

I haven’t used /looked at it but hope it helps!

Thanks for the location George. Serves me right for searching for letsencrypt with a leading slash! Will deploy this today.

Thank you @bpj! It worked perfectly for me.

worked as a charm! thanks guys!

Ben thank you!

We usually use Certbot to do all our SSL renewals but for some reason on Digital Ocean it was having none of it! So we reverted to doing it manually with your very helpful instructions. We did however neglect to pause Cloudflare which caused an issue as the cryptographic requests were blocked and certificates would obviously not renew. So for anyone using Cloudflare pause it before carrying out the above instructions otherwise you may well assault your monitor!