Hello,
I appear to be having issues trying to renew LE Certificates. This started a few days ago (when due for renewal) and initially I did come to this forum for answers and found that one post suggested to update to the latest UTM version. I'm now up to 9.707-5 but still have the same issue.
Patterns also up to date:
Current pattern version: 204063
Latest available pattern version: 204063
It appears to be related to being unable to find the TOS but all links it shows resolve fine. The certificates I have are used for UTM Management and WAF.
Looking at the logs I see the following after turning the service off and back on...
2021:10:10-09:15:14 utm letsencrypt[9881]: I Create account: creating new Let's Encrypt acccount
2021:10:10-09:15:15 utm letsencrypt[9881]: E Create account: Incorrect response code from ACME server: 500
2021:10:10-09:15:15 utm letsencrypt[9881]: E Create account: URL was: acme-v02.api.letsencrypt.org/directory
2021:10:10-09:15:15 utm letsencrypt[9881]: E Create account: TOS_UNAVAILABLE: Failed to retrieve the current Terms of Service URL
2021:10:10-09:15:15 utm letsencrypt[9881]: E Create account: failed to create account
Prior to that, an attempt at renewing:
2021:10:10-08:44:02 utm letsencrypt[1020]: E Renew certificate: Incorrect response code from ACME server: 500
2021:10:10-08:44:02 utm letsencrypt[1020]: E Renew certificate: URL was: acme-v02.api.letsencrypt.org/directory
2021:10:10-08:44:02 utm letsencrypt[1020]: I Renew certificate: handling CSR REF_CaCsrXXXXLetsEncry for domain set [DOMAINS]
2021:10:10-08:44:02 utm letsencrypt[1020]: E Renew certificate: TOS_UNAVAILABLE: Could not obtain the current version of the Let's Encrypt Terms of Service
2021:10:10-08:44:02 utm letsencrypt[1020]: I Renew certificate: sending notification WARN-603
2021:10:10-08:44:02 utm letsencrypt[1020]: [WARN-603] Let's Encrypt certificate renewal failed accessing Let's Encrypt service
2021:10:10-08:44:02 utm letsencrypt[1020]: I Renew certificate: execution failed
The UTM has been rebooted, no change. I've turned off Web protection, no change...
Any ideas appreciated.
Thanks!
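A small triage helper for log excerpts like the one above, added here as an example; it is not part of the original post and not Sophos code. It groups the letsencrypt lines by process ID and extracts the failed operation, HTTP status, ACME URL, error token and notification code. The line format is assumed from the quoted excerpt only, and `summarize` is a hypothetical name.

```python
import re
from collections import defaultdict

# Sample lines copied from the excerpt quoted in the post above.
SAMPLE_LOG = """\
2021:10:10-08:44:02 utm letsencrypt[1020]: E Renew certificate: Incorrect response code from ACME server: 500
2021:10:10-08:44:02 utm letsencrypt[1020]: E Renew certificate: URL was: acme-v02.api.letsencrypt.org/directory
2021:10:10-08:44:02 utm letsencrypt[1020]: E Renew certificate: TOS_UNAVAILABLE: Could not obtain the current version of the Let's Encrypt Terms of Service
2021:10:10-08:44:02 utm letsencrypt[1020]: [WARN-603] Let's Encrypt certificate renewal failed accessing Let's Encrypt service
2021:10:10-09:15:14 utm letsencrypt[9881]: I Create account: creating new Let's Encrypt acccount
2021:10:10-09:15:15 utm letsencrypt[9881]: E Create account: Incorrect response code from ACME server: 500
2021:10:10-09:15:15 utm letsencrypt[9881]: E Create account: TOS_UNAVAILABLE: Failed to retrieve the current Terms of Service URL
"""

# Assumed layout: "<timestamp> <host> letsencrypt[<pid>]: [<level> <operation>: ]<message>"
LINE_RE = re.compile(r"^(\S+) (\S+) letsencrypt\[(\d+)\]: (?:([A-Z]) ([^:]+): )?(.*)$")
STATUS_RE = re.compile(r"Incorrect response code from ACME server: (\d{3})")
TOKEN_RE = re.compile(r"^([A-Z][A-Z0-9_]+): ")   # e.g. TOS_UNAVAILABLE
NOTIFY_RE = re.compile(r"^\[([A-Z]+-\d+)\]")     # e.g. [WARN-603]
URL_PREFIX = "URL was: "

def summarize(log_text):
    """Return {pid: summary} for every letsencrypt process seen in log_text."""
    runs = defaultdict(lambda: {"operation": None, "http_status": None,
                                "url": None, "errors": [], "notifications": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a letsencrypt daemon line
        _ts, _host, pid, level, operation, msg = m.groups()
        run = runs[pid]
        if operation:
            run["operation"] = operation
        status, token, note = STATUS_RE.search(msg), TOKEN_RE.match(msg), NOTIFY_RE.match(msg)
        if status:
            run["http_status"] = int(status.group(1))
        elif msg.startswith(URL_PREFIX):
            run["url"] = msg[len(URL_PREFIX):]
        elif level == "E" and token:
            run["errors"].append(token.group(1))
        elif note:
            run["notifications"].append(note.group(1))
    return dict(runs)

if __name__ == "__main__":
    for pid, run in summarize(SAMPLE_LOG).items():
        print(pid, run)
```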
For my UTM the following steps worked to renew the certificates again:
- Go to Webserver Protection → Certificate Management → Certificate Authority
- Delete the ISRG X1-Root CA (so that only…
As we know, the basic problem will be fixed in an MR. But after solving this one manually we have another problem. Maybe someone knows what to do here, as I didn't get an answer to my ticket in the last hours:
2022-06-22 13:04:50 TLS error on connection from prt-xyz.test.local [192.168.101.174]:52532 (SSL_accept): error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired
At first I thought, OK, only the certificate is expired. So I came to this thread. I fixed the LE problem, but after that (and a reboot) this problem still persists. Internal devices which check the certificate (and chain) have a problem with the new certificate. If I take a self-signed one from my own CA, it works without any harm. And before, it did with the LE one, too. Does anyone know the problem?
It is solved now without doing anything. Curious...