TSplus fails to update letsencrypt SSL certificate

Get help with troubleshooting issues
Post Reply
User avatar
bzdega
Posts: 141
Joined: Tue Nov 14, 2017 9:34 am

TSplus fails to update letsencrypt SSL certificate

Post by bzdega » Mon Nov 09, 2020 9:01 am

Hi,

we have more and more installations, where TSplus fails to update the letsencrypt certificate.

How does TSplus trigger letsencrypt to release a new SSL certificate? How often and when tries TSplus to update those certificates?

Michael

User avatar
bzdega
Posts: 141
Joined: Tue Nov 14, 2017 9:34 am

Re: TSplus fails to update letsencrypt SSL certificate

Post by bzdega » Tue Nov 10, 2020 8:07 pm

I think, i found what causes this error. Someone installed the IIS-Role on this servers, so port 80 had a binding to the IIS.

Letsencrypt needs to access the TSplus webserver on port 80 to deliver the SSL certificate.

After unstallation the IIS and reinstalling TSplus, i was able to request a new SSL certificate from letsencrypt.

Michael

User avatar
admin
Site Admin
Posts: 1649
Joined: Wed Sep 05, 2012 6:38 am

Re: TSplus fails to update letsencrypt SSL certificate

Post by admin » Fri Nov 13, 2020 9:40 am

Hello,

The certificate needs to be updated every three month, but TSplus service update it every 2 months as a safety measure to make sure the certificate does not reach the end of its validity before the time limit.
Olivier
TSplus support team administrator
Image

User avatar
bzdega
Posts: 141
Joined: Tue Nov 14, 2017 9:34 am

Re: TSplus fails to update letsencrypt SSL certificate

Post by bzdega » Mon Nov 16, 2020 1:52 pm

I have to come back to this issue.

Letsencrypt informs me, that another Server was unable to update the SSL certificate.

I looked into the logfiles under C:\Program Files (x86)\TSplus\UserDesktop\files\.lego\logs and found this error:

Code: Select all

2020/11/15 08:54:09 Could not create client: get directory at 'https://acme-v02.api.letsencrypt.org/directory': Get https://acme-v02.api.letsencrypt.org/directory: dial tcp: lookup acme-v02.api.letsencrypt.org: no such host
Seems, that the update process does not find the letsencrypt host.

Is this a problem, TSplus is aware of?

Michael

User avatar
bzdega
Posts: 141
Joined: Tue Nov 14, 2017 9:34 am

Re: TSplus fails to update letsencrypt SSL certificate

Post by bzdega » Mon Nov 16, 2020 2:36 pm

I discovered a strange behavior when sending a ping to amce-v02.api.letsencrypt.org:
  • my first ping shows "unable to reach host"
  • my second ping on the same address shows a correct answer from that server
After that, i was able to run the renewal process for the ssl certificate in the TS Admin Tool. Don't ask me why...

Michael

Post Reply