This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Latest UTM and Let's Encrypt Failures

Having issues recently with renewing LE certificates.
For some time, I had a _acme-challenge. TXT record in my UTM firewall domain name.
I don't recall how I got the token, but LE was working fine until this year. Possibly the April changes broke validation using this token as the notes talk about requiring a way to automate adding a challenge record to DNS.

What are others doing to fix this?

Need see if there is a way to create this token at Lets' Encrypt.

The LE log is a bit useless for this:
2024:07:04-00:46:02 xxx letsencrypt[31867]: I Renew certificate: execution failed
2024:07:04-08:47:01 xxx letsencrypt[13531]: E Renew certificate: Incorrect response code from ACME server: 500
2024:07:04-08:47:01 xxx letsencrypt[13531]: E Renew certificate: URL was: acme-v02.api.letsencrypt.org/directory
2024:07:04-08:47:01 xxx letsencrypt[13531]: I Renew certificate: handling CSR REF_CaCsrYellowExt12 for domain set [xxx.domain.com]
2024:07:04-08:47:01 xxx letsencrypt[13531]: E Renew certificate: TOS_UNAVAILABLE: Could not obtain the current version of the Let's Encrypt Terms of Service



This thread was automatically locked due to age.
Parents Reply
  • I wonder if this server has a corrupted cert store.
    I tried adding the R11 CA and it made no difference.
    Odd is I have another server I copied this current servers config from by importing and the source server has no issues.
    Curl shows similar errors when run with the -vvvv -I -L -k parameters.
    What is the best way to force UTM to refresh the certs required for LE?

Children
No Data