Https certificate question

Jeff_Stevenson · 18 March 2026 20:13

This is more of a question as it is resolved.

OS Name/Version: EndeavourOS Linux Titan Kernel 6.19.8

Product Name/Version: AMP 2.7 - 20260308.1

Problem Description: Certificate not recognized. After last update, https access no longer works but http does.

Steps to reproduce:

Step 1 Access host name. Site can’t provide secure connection
Step 2 Change https to Http Site can’t be reached
Step 3 Change site to http and include port 8080. Site (AMP Panel) can be accessed.

Actions taken to resolve so far:

Googling. Multiple reboots as well. Also did all system updates of OS and AMP. Followed your install guide to get one registered and working when I bought AMP a few months ago and it has worked until a recent Amp update….at least that is when I identified it broke.

I reran getamp postSetupHTTPS and this resolved the issue.

Question: Is this needed after every AMP update?

Greelan · 19 March 2026 02:53

Was the cert simply expired because you haven’t port forwarded port 80 to allow certbot to renew?

Jeff_Stevenson · 19 March 2026 03:10

It shouldn’t have been as I have port 80 forwarded as well (also 443). As a side note the certificate is from Let’s Encrypt, so it is supposed to auto renew.

Greelan · 19 March 2026 03:25

You can check the history here: https://crt.sh/

What’s the proxy_pass line in /etc/nginx/conf.d/<yourdomain>.conf?

Jeff_Stevenson · 19 March 2026 03:37

proxy_pass http://127.0.0.1:8080;

Does this need to be changed that it blocked auto-renewal?

History shows it never revoked, but was expired and has renewed today. BTW thank you a ton for the help.

Greelan · 19 March 2026 03:49

The proxy pass line is fine.

Seems there was an issue with certbot being able to renew. Obviously it was able to do so now so hopefully it won’t repeat.

You can see if there are any certbot/letsencrypt logs in /var/log to figure out what happened previously.

Jeff_Stevenson · 19 March 2026 05:52

Many Many Thanks Greelan! I found no errors in my searching through the journals, but went down a rabbit hole looking for how the renewal was done. Nothing in a CRON jobs, but found there is a systemctl certbot-renew.timer that triggers a certbot-renew.service and the timer was disabled. No idea how that wouldn’t have gotten set up correctly on install, but leaving this here in case anyone does some googling for similar issue.

I enabled/started the timer so that should solve my issue since it shows it will trigger twice a day.

Again I appreciate the assistance!!!