This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Let's Encrypt Root Zertifikat gültig bis 30.09.2021 (alte R3 / X3 Zertifikatskette)

Auf einigen UTMs werden immer noch neue Let's Encrypt Zertifikate erneuert / neu ausgestellt mit der alten R3 / X3 Root Zertifikatskette.

Das heißt diese sind ab morgen nicht mehr gültig.

Deaktivieren und aktivieren von Let's Encrypt hilft hier nicht.

Weiß jemand, wie man die UTM dazu bringt auf das X1 Zertifikat zu wechseln? 

Gruß Volker



This thread was automatically locked due to age.
Parents
  • Die UTM scheint das abgelaufene Verifizierungszertifikat mit auszuliefern, obwohl das neue ebenfalls schon exisiert. Lösung/Workaround ist das Löschen dieses Zertifikats. Anschließend die Let's-Encrypt-Zertifikate renewen et Voila!

  • I did not delete or manually download any CAs.  The expired CA was replaced in our AWS instance with a cadata pattern update at 22:37 CDT (UTC-0500) on 30 September.  My lab UTM was updated 3 minutes later.  It was still necessary to restart the Proxy.  You can disable/enable Web Filtering in WebAdmin or run the following command as root:

         /var/mdw/scripts/httpproxy restart

    If you're in the Americas and you want to see if your UTM was updated.

        zgrep 'package="cadata"' /var/log/up2date/2021/09/up2date-2021-09-30.log.gz

    In the rest of the world, I suspect it would be:

        zgrep 'package="cadata"' /var/log/up2date/2021/10/up2date-2021-10-01.log.gz

    Cheers und MfG - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • I did not delete or manually download any CAs.  The expired CA was replaced in our AWS instance with a cadata pattern update at 22:37 CDT (UTC-0500) on 30 September.  My lab UTM was updated 3 minutes later.  It was still necessary to restart the Proxy.  You can disable/enable Web Filtering in WebAdmin or run the following command as root:

         /var/mdw/scripts/httpproxy restart

    If you're in the Americas and you want to see if your UTM was updated.

        zgrep 'package="cadata"' /var/log/up2date/2021/09/up2date-2021-09-30.log.gz

    In the rest of the world, I suspect it would be:

        zgrep 'package="cadata"' /var/log/up2date/2021/10/up2date-2021-10-01.log.gz

    Cheers und MfG - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data