Let's encrypt error

After I enabled the Let's encrypt (Under WAF) , I get this error:

Logging:

2018:09:24-12:14:12 mail letsencrypt[8563]: I Create account: creating new Let's Encrypt acccount
2018:09:24-12:14:12 mail letsencrypt[8563]: E Create account: TOS_UNAVAILABLE: Failed to retrieve current Terms of Service from remote server: 500 SSL_ca_path /etc/ssl/certs is not accessable
2018:09:24-12:14:12 mail letsencrypt[8563]: E Create account: failed to create account
Parents
  • twister5800 said:

    After I enabled the Let's encrypt (Under WAF) , I get this error: 

    Thanks for reporting this. Unfortunately the permissions of /etc/ssl/certs are no set properly by the Beta update.

    You can fix this on the command line:

    chmod 0755 /etc/ssl/certs

    Then try again to enable Let's Encrypt.

    We're tracking this as NUTM-10315.

  • And we are happy:

    2018:09:24-13:48:39 mail letsencrypt[22832]: I Create account: creating new Let's Encrypt acccount
    2018:09:24-13:48:40 mail letsencrypt[22832]: I Create account: running command: /var/storage/chroot-reverseproxy/usr/dehydrated/bin/dehydrated -f /var/storage/chroot-reverseproxy/usr/dehydrated/conf/config --register --accept-terms



    :-)

    -----

    Best regards
    Martin

    Sophos XGS 2100 @ Home | Sophos v20 Technician

  • You can type wildcard names, which gives error notifications, UTM should deny even creating them in Webadmin :-)

     
    2018:09:24-13:52:06 mail letsencrypt[23910]: E Renew certificate: COMMAND_FAILED: Connection: close
    2018:09:24-13:52:06 mail letsencrypt[23910]: E Renew certificate: COMMAND_FAILED:
    2018:09:24-13:52:06 mail letsencrypt[23910]: E Renew certificate: COMMAND_FAILED: {
    2018:09:24-13:52:06 mail letsencrypt[23910]: E Renew certificate: COMMAND_FAILED: "type": "urn:acme:error:malformed",
    2018:09:24-13:52:06 mail letsencrypt[23910]: E Renew certificate: COMMAND_FAILED: "detail": "Error creating new authz :: Wildcard names not supported",
    2018:09:24-13:52:06 mail letsencrypt[23910]: E Renew certificate: COMMAND_FAILED: "status": 400
    2018:09:24-13:52:06 mail letsencrypt[23910]: E Renew certificate: COMMAND_FAILED: }
    2018:09:24-13:52:07 mail letsencrypt[23910]: I Renew certificate: sending notification WARN-603
    2018:09:24-13:52:07 mail letsencrypt[23910]: [WARN-603] Let's Encrypt certificate renewal failed accessing Let's Encrypt service
    2018:09:24-13:52:07 mail letsencrypt[23910]: I Renew certificate: execution completed (CSRs renewed: 0, failed: 1)
     
     

    -----

    Best regards
    Martin

    Sophos XGS 2100 @ Home | Sophos v20 Technician

  • twister5800 said:

    You can type wildcard names, which gives error notifications, UTM should deny even creating them in Webadmin :-)

    2018:09:24-13:52:06 mail letsencrypt[23910]: E Renew certificate: COMMAND_FAILED: Connection: close
    2018:09:24-13:52:06 mail letsencrypt[23910]: E Renew certificate: COMMAND_FAILED:
    2018:09:24-13:52:06 mail letsencrypt[23910]: E Renew certificate: COMMAND_FAILED: {
    2018:09:24-13:52:06 mail letsencrypt[23910]: E Renew certificate: COMMAND_FAILED: "type": "urn:acme:error:malformed",
    2018:09:24-13:52:06 mail letsencrypt[23910]: E Renew certificate: COMMAND_FAILED: "detail": "Error creating new authz :: Wildcard names not supported",
    2018:09:24-13:52:06 mail letsencrypt[23910]: E Renew certificate: COMMAND_FAILED: "status": 400
    2018:09:24-13:52:06 mail letsencrypt[23910]: E Renew certificate: COMMAND_FAILED: }
    2018:09:24-13:52:07 mail letsencrypt[23910]: I Renew certificate: sending notification WARN-603
    2018:09:24-13:52:07 mail letsencrypt[23910]: [WARN-603] Let's Encrypt certificate renewal failed accessing Let's Encrypt service
    2018:09:24-13:52:07 mail letsencrypt[23910]: I Renew certificate: execution completed (CSRs renewed: 0, failed: 1)

    Thank you for your feedback. We've filed this issue internally and are tracking it now as NUTM-10316.

  • twister5800 said:

    You can type wildcard names, which gives error notifications, UTM should deny even creating them in Webadmin :-)

     

     
    No please don't deny it, but properly support wildcard domains (which are supported by Let's Encrypt).

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • Perfectly agree ;)

    -----

    Best regards
    Martin

    Sophos XGS 2100 @ Home | Sophos v20 Technician

  • Reply Children
    No Data