Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 13 replies
  • Subscribers 6 subscribers
  • Views 2959 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Latest UTM and Let's Encrypt Failures

Exrace

Having issues recently with renewing LE certificates.
For some time, I had a _acme-challenge. TXT record in my UTM firewall domain name.
I don't recall how I got the token, but LE was working fine until this year. Possibly the April changes broke validation using this token as the notes talk about requiring a way to automate adding a challenge record to DNS.

What are others doing to fix this?

Need see if there is a way to create this token at Lets' Encrypt.

The LE log is a bit useless for this:
2024:07:04-00:46:02 xxx letsencrypt[31867]: I Renew certificate: execution failed
2024:07:04-08:47:01 xxx letsencrypt[13531]: E Renew certificate: Incorrect response code from ACME server: 500
2024:07:04-08:47:01 xxx letsencrypt[13531]: E Renew certificate: URL was: acme-v02.api.letsencrypt.org/directory
2024:07:04-08:47:01 xxx letsencrypt[13531]: I Renew certificate: handling CSR REF_CaCsrYellowExt12 for domain set [xxx.domain.com]
2024:07:04-08:47:01 xxx letsencrypt[13531]: E Renew certificate: TOS_UNAVAILABLE: Could not obtain the current version of the Let's Encrypt Terms of Service



This thread was automatically locked due to age.
Parents
  • 0

    Just ran into this on my xgs device.

    It seems it is using a new CA to generate the cert

    Try downloading the R11 cert from letsencrypt.org/certificates (the link next to where it says signed by ISRG Root X1)

    and install into the certificate authorities on the device.

    Oh i did a firmware update just before i did this, was wondering if that would fix the validation error but it didnt and i had to upload that cert.

    My previous certs were using the R3 CA, which has apparently been retired.

Reply
  • 0

    Just ran into this on my xgs device.

    It seems it is using a new CA to generate the cert

    Try downloading the R11 cert from letsencrypt.org/certificates (the link next to where it says signed by ISRG Root X1)

    and install into the certificate authorities on the device.

    Oh i did a firmware update just before i did this, was wondering if that would fix the validation error but it didnt and i had to upload that cert.

    My previous certs were using the R3 CA, which has apparently been retired.

Children
Unfiltered HTML