This is a story about something that happened just now. I’m not sure if this is the right place to post it, so I’m sorry in advance if it’s not!
I self-host some services on an old laptop at home. Mainly Jellyfin and Nextcloud, which I use to text with some close friends.
I left this morning to spend some days with my parents, and I jokingly told one of my friends that “I hope nothing bad happens to the server, since I’ll be gone for a week and I won’t have physical access to it”.
I’ve had problems with power cuts in the past, since I don’t have a UPS (and my laptop’s battery is dead), but they were mostly due to some faulty power connector that has been replaced, so I don’t expect any weird stuff happening. My IP is dynamic, but I run a cron script to regularly check it and change the DNS records if it changes. So, I was pretty sure everything would actually be fine.
But if you’ve read the title of the post, you probably know where this is going.
I’ve used let’s encrypt SSL certificates in the past with nginx proxy manager, and it was great! They automatically got renewed so I didn’t have to really pay attention to that. Except after a year or so, they just stopped working. Nginx gives me a nondescript error when trying to connect to my domain registrar to create a new certificate, and after trying -and failing- to fix it, I decided to just use the SSL certificates my domain registrar provides.
That worked great! The only problem is they don’t automatically update anymore; it just takes me 5 minutes to update them and I only have to do it once every 3-4 months, so it’s fine…
A couple hours ago, I was trying to send a meme to my friend via nextcloud and… Failed to establish connection
panic.jpg
I try to open sonarr on my web browser. I get an EXPIRED_CERTIFICATE error. Date of today. Oh no.
You’ll be thinking “What’s the problem?”, right? “Just update the certificate again!” Well, the problem is I need access to nginx proxy manager to do that. And I don’t have its port forwarded (since I didn’t want to expose it to the internet, because I didn’t think I needed to).
I thought that was it. I was going to have to wait for a week until I got back home to fix it. But I still had ssh access to the server!
yes, I know, this is probably a very bad idea, don’t expose your services and your ssh to the internet without a VPN like tailscale, but to be fair I don’t know what I’m doing! At least I use a nonstandard port, and I use cert login instead of a password.
At first I tried replacing the cert files, but I realized that wasn’t going to work. So I decided to do some googling web searching, and thankfully I found exactly what I needed: SSH tunneling.
What does that mean? Well, for the people like me that had no idea this was possible: you can use your SSH connection as a tunnel to access the server’s local network (kind of like a vpn?). So I used the command:
ssh -NL LOCAL_PORT:DESTINATION:DESTINATION_PORT USER@SSH_SERVER -p SSH_PORT
I typed localhost:DESTINATION_PORT on my web browser… and nothing happened.
“Oops, actually it’s localhost:LOCAL_PORT”
And… BAM! There it was, the nginx web interface! I typed my credentials, created a new cert, uploaded the cert files, changed the cert for all the services… and it worked! Crisis averted.
So, what did I learn from this? Well, that my server is never safe from failing to work lol. But I won this time!
If you want a backup cert checker, https://iam.redsift.cloud/ does it for free. They basically took over the LetsEncrypt email notifications.