Runbook: Certificate Renewal
Purpose
Resolve TLS certificate renewal failures for RavenmaskOS endpoints.
Symptoms
- Browser warnings about expired certificates
- Traefik logs show ACME renewal errors
Prerequisites
- SSH access to odin
- Cloudflare DNS access
Procedure
Step 1: Check Traefik logs
ssh ravenhelm@100.115.101.81 "docker logs traefik --tail 200"
Step 2: Verify DNS records
Confirm DNS records for the affected domain resolve to the correct host.
Step 3: Validate ACME storage
ssh ravenhelm@100.115.101.81 "ls -lh ~/ravenhelm/data/traefik/acme.json"
Step 4: Restart Traefik
ssh ravenhelm@100.115.101.81 "docker restart traefik"
Verification
curl -I https://\<service\>.ravenhelm.dev
Rollback
If the issue persists, revert DNS changes and review Traefik configuration for ACME settings.