So a couple of days ago we got a message on the Matrix channel of videos.fsci.in that the certs had expired and hence people had to access it via HTTP, which of course doesn't look good for the community. The certs were set to autorenew but for some reason they didn't.

So I decided to fix the certs today and document the process live for some reason.

I have no idea how this machine was configured since I wasn't around back then and we have no documentation whatsoever so it is also my first time digging into this.

I am hoping to fix the certs issue and then write some docs for people after me.

The first thing I see is that there is neither Apache nor nginx installed on the main machine, which might mean that the setup is dockerised.

Hence

docker ps 

I found out that a bunch of containers were running and one of them was traefik which is probably serving the entire thing.

So now let's try and get into the traefik container somehow to see how these certs were working.

 docker exec -it f1895ec8ab20 /bin/bash
 docker exec -it f1895ec8ab20 /bin/sh
 

Both of these returned an error saying no such command, which means there is no shell in these containers.

My next instinct was to do a simple docker inspect on the traefik container to get it to reveal its secrets.

Looking at the docker inspect output of traefik, I see this:

                "com.docker.compose.config-hash": "",
                "com.docker.compose.container-number":
                "com.docker.compose.oneoff": ,
                "com.docker.compose.project": 
                "com.docker.compose.service": 
                "com.docker.compose.version": 

Which means that it was set up using docker-compose, and the Bind section tells me that the volume mounts are somewhere in /root/peertube.

sudo ls -l /root/peertube
total 80
-rw-r--r-- 1 root root 70600 Jun  9  2020 docker-compose.log
-rw-r--r-- 1 root root  2404 Jun  9  2020 docker-compose.yml
drwxr-xr-x 8 root root  4096 Jan  7 14:26 docker-volume

Which means that it was set up using docker-compose itself, nice.

So, like every IT guy ever, let's try restarting all the containers using compose.

docker-compose restart

Boom, the certs got renewed.

Thanks for sticking around for this very short adventure of mine.


Posted by Manav Sethi
