Unable to download Let's Encrypt certificate

Hi guys,

I've a problem with Let's Encrypt certificate, I hope it's the right category.

I explain : I configured 3 auto-renew certificates with Let's Encrypt, this work fine :) First one has 12 domains, second one has 10 and third has 1. When I try to download the third, no problem : I put PKCS12 password and certificate is downloading. When I try to do the same with first and second one, nothing happening after I put PKCS12 password. I've done the same test with PEM export and try another browser with same problem. I check log but it seems no error about this.

I'm running Sophos UTM 9.605-1

Have you any idea of what happening or what I've done wrong ? Some of you have same problem ?

Many thanks in advance.

Steven

  • Salut Steven and welcome to the UTM Community!

    Are you able to make those first two work with anything else?  What are you doing to make the PKCS#12 file multi-domain?

    Cheers - Bob

  • In reply to BAlfson:

    Hi Bob, thanks for your answer :)

    Those certificates only work with Sophos as it's UTM which create them. They are used with reverse proxy and I've no problem with it, renew works fine too. I'm using this way since it's not yet possible to create a wildcard certificate.

    To make PKC12 file, I go to "Webserver Protection" and "Certificate manage". Here I found all certificate save on UTM like this and I click on "Télécharger" (download) button for this one I need. 

    Once done, new popup open to enter password, repeat password and click on Télécharger. 

    Popup closing and nothing happen.

    Hope it can help you.

    Best regards,

     

    Steven

  • In reply to Steven Lamouroux:

    I query one like these via REST, which is working fine. Didn’t try via GUI till now. But I will try that later.

    Strange thing.

    BR

    Alex

  • In reply to Alexander Busch:

    Hi,

    I think I've understand why it doesn't work with GUI, thanks Alex for putting me on the right track. Friendly name of certificate is "Auto-Renew Let'sEncrypte Skype", this name contains an apostrophe. File generation works fine, I can found it in CLI on Sophos : 

    vmapp-sophos:/var/sec/chroot-httpd/var/webadmin/var/SzeighXvkDffiVWYAodS/downloads/REF_AoRCSeTDnYQI # ls
    Auto-Renew Let'sEncrypt Skype.p12

    This file contains apostrophe too. If I put this URL in browser (ip_of_UTM:port_UTM/.../Auto-Renew Let'sEncrypt Skype.p12), file is downloading. The certificate which contains only one domain has not apostrophe in his name, others one yes, that's why it can be downloaded. Maybe Sophos doesn't well generate URL when friendly name contain apostrophe ?

    I can now use Let'sEncrypt certificate.

    Thanks for your help Big Smile

    Steven

  • In reply to Steven Lamouroux:

    Hi Steven,

    glad you found the culprit. Sophos should check the string at time of generating the cert. Today this should not be a problem, but sometimes special characters causes that.

    In german I try to skip the umlaut characters  ;-)

    Best regards

    Alex

  • Hi,

     

    thanks for reporting. We're tracking this issue as NUTM-11191.

     

    Best

     Sabine