Sophos UTM 9.707-5 - Let’s Encrypt failed: Failed to retrieve the current Terms of Service link

Hello, 

I appear to be having issues trying to renew LE Certificates. This started a few days ago (when due for renewal) and initially I did come to this forum for answers and found that one post suggested to update to the latest UTM version. I'm now up to 9.707-5 but still have the same issue. 

Patterns also up to date:

Current pattern version: 204063
Latest available pattern version: 204063

It appears to be related to being unable to find the TOS, but all links it shows resolve fine. The certificates I have are used for UTM Management and WAF.

Looking at the logs I see the following after turning the service off and back on...

2021:10:10-09:15:14 utm letsencrypt[9881]: I Create account: creating new Let's Encrypt acccount
2021:10:10-09:15:15 utm letsencrypt[9881]: E Create account: Incorrect response code from ACME server: 500
2021:10:10-09:15:15 utm letsencrypt[9881]: E Create account: URL was: acme-v02.api.letsencrypt.org/directory
2021:10:10-09:15:15 utm letsencrypt[9881]: E Create account: TOS_UNAVAILABLE: Failed to retrieve the current Terms of Service URL
2021:10:10-09:15:15 utm letsencrypt[9881]: E Create account: failed to create account

Prior to that, an attempt at renewing:

2021:10:10-08:44:02 utm letsencrypt[1020]: E Renew certificate: Incorrect response code from ACME server: 500
2021:10:10-08:44:02 utm letsencrypt[1020]: E Renew certificate: URL was: acme-v02.api.letsencrypt.org/directory
2021:10:10-08:44:02 utm letsencrypt[1020]: I Renew certificate: handling CSR REF_CaCsrXXXXLetsEncry for domain set [DOMAINS]
2021:10:10-08:44:02 utm letsencrypt[1020]: E Renew certificate: TOS_UNAVAILABLE: Could not obtain the current version of the Let's Encrypt Terms of Service
2021:10:10-08:44:02 utm letsencrypt[1020]: I Renew certificate: sending notification WARN-603
2021:10:10-08:44:02 utm letsencrypt[1020]: [WARN-603] Let's Encrypt certificate renewal failed accessing Let's Encrypt service
2021:10:10-08:44:02 utm letsencrypt[1020]: I Renew certificate: execution failed

The UTM has been rebooted, no change. I've turned off Web protection, no change...

Any ideas appreciated.

Thanks!
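As an added example (not part of the post and not Sophos code), here is a small Python parser for the letsencrypt log format quoted above: it groups lines by daemon PID, one account or renewal run each, and pulls out the HTTP status, client error code and WARN notification of each run, so a TOS_UNAVAILABLE failure can be picked out of a log export instead of read by hand. The line shape (timestamp, host, letsencrypt[pid], optional level letter, context, message) is inferred from the excerpts above; the sample input is constructed from those excerpts.

```python
import re

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"letsencrypt\[(?P<pid>\d+)\]: (?:(?P<level>[IWE]) )?(?P<msg>.*)$"
)
STATUS_RE = re.compile(r"Incorrect response code from ACME server: (\d{3})")
ERRCODE_RE = re.compile(r"^[^:]+: (?P<code>[A-Z]+(?:_[A-Z]+)+): ")  # UPPER_SNAKE codes such as TOS_UNAVAILABLE
NOTIFY_RE = re.compile(r"\[(WARN-\d+)\]")  # bracketed notification ids such as [WARN-603]
FINAL_FAILURES = {"failed to create account", "execution failed"}

# Constructed sample: the two daemon runs from the log excerpts in the post.
SAMPLE_LOG = """\
2021:10:10-08:44:02 utm letsencrypt[1020]: E Renew certificate: Incorrect response code from ACME server: 500
2021:10:10-08:44:02 utm letsencrypt[1020]: E Renew certificate: URL was: acme-v02.api.letsencrypt.org/directory
2021:10:10-08:44:02 utm letsencrypt[1020]: I Renew certificate: handling CSR REF_CaCsrXXXXLetsEncry for domain set [DOMAINS]
2021:10:10-08:44:02 utm letsencrypt[1020]: E Renew certificate: TOS_UNAVAILABLE: Could not obtain the current version of the Let's Encrypt Terms of Service
2021:10:10-08:44:02 utm letsencrypt[1020]: [WARN-603] Let's Encrypt certificate renewal failed accessing Let's Encrypt service
2021:10:10-08:44:02 utm letsencrypt[1020]: I Renew certificate: execution failed
2021:10:10-09:15:15 utm letsencrypt[9881]: E Create account: Incorrect response code from ACME server: 500
2021:10:10-09:15:15 utm letsencrypt[9881]: E Create account: TOS_UNAVAILABLE: Failed to retrieve the current Terms of Service URL
2021:10:10-09:15:15 utm letsencrypt[9881]: E Create account: failed to create account
"""

def parse_line(line):
    """Fields of one letsencrypt log line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def summarize_runs(log_text):
    """Group entries by daemon PID (one account/renewal run each) and record how each run failed."""
    runs = {}
    for line in log_text.splitlines():
        e = parse_line(line)
        if not e:
            continue
        run = runs.setdefault(e["pid"], {"context": None, "http_status": None,
                                         "error_codes": [], "notifications": [], "failed": False})
        ctx, _, rest = e["msg"].partition(": ")  # ctx is "Create account" or "Renew certificate"
        if run["context"] is None and e["level"]:
            run["context"] = ctx
        if m := STATUS_RE.search(rest):          # HTTP status the ACME client reported
            run["http_status"] = int(m.group(1))
        if m := ERRCODE_RE.match(e["msg"]):      # client-side error code, e.g. TOS_UNAVAILABLE
            run["error_codes"].append(m.group("code"))
        if m := NOTIFY_RE.search(e["msg"]):      # admin notification emitted, e.g. WARN-603
            run["notifications"].append(m.group(1))
        if rest in FINAL_FAILURES:
            run["failed"] = True
    return runs
```

Feed it the output of the UTM's letsencrypt log file and a run whose `error_codes` contain TOS_UNAVAILABLE with `failed` set is exactly the failure this thread describes.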
  • As we know, the basic problem will be fixed in an MR. But after solving this one manually we have another problem. Maybe someone knows what to do here, as I didn't get an answer to my ticket in the last few hours:

    2022-06-22 13:04:50 TLS error on connection from prt-xyz.test.local [192.168.101.174]:52532 (SSL_accept): error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired

    At first I thought, OK, only the certificate is expired. So I came to this thread. I fixed the LE problem, but after that (and a reboot) this problem still persists. Internal devices which check the certificate (and chain) have a problem with the new certificate. If I take a self-signed one from my own CA, it works without any harm. And before, it did with the LE one, too. Does someone know the problem?

  • It is solved now without doing anything. Curious...
