Hi,
we have more and more installations, where TSplus fails to update the letsencrypt certificate.
How does TSplus trigger letsencrypt to release a new SSL certificate? How often and when tries TSplus to update those certificates?
Michael
TSplus fails to update letsencrypt SSL certificate
Re: TSplus fails to update letsencrypt SSL certificate
I think, i found what causes this error. Someone installed the IIS-Role on this servers, so port 80 had a binding to the IIS.
Letsencrypt needs to access the TSplus webserver on port 80 to deliver the SSL certificate.
After unstallation the IIS and reinstalling TSplus, i was able to request a new SSL certificate from letsencrypt.
Michael
Letsencrypt needs to access the TSplus webserver on port 80 to deliver the SSL certificate.
After unstallation the IIS and reinstalling TSplus, i was able to request a new SSL certificate from letsencrypt.
Michael
Re: TSplus fails to update letsencrypt SSL certificate
Hello,
The certificate needs to be updated every three month, but TSplus service update it every 2 months as a safety measure to make sure the certificate does not reach the end of its validity before the time limit.
The certificate needs to be updated every three month, but TSplus service update it every 2 months as a safety measure to make sure the certificate does not reach the end of its validity before the time limit.
Olivier
TSplus support team administrator
TSplus support team administrator
Re: TSplus fails to update letsencrypt SSL certificate
I have to come back to this issue.
Letsencrypt informs me, that another Server was unable to update the SSL certificate.
I looked into the logfiles under C:\Program Files (x86)\TSplus\UserDesktop\files\.lego\logs and found this error:
Seems, that the update process does not find the letsencrypt host.
Is this a problem, TSplus is aware of?
Michael
Letsencrypt informs me, that another Server was unable to update the SSL certificate.
I looked into the logfiles under C:\Program Files (x86)\TSplus\UserDesktop\files\.lego\logs and found this error:
Code: Select all
2020/11/15 08:54:09 Could not create client: get directory at 'https://acme-v02.api.letsencrypt.org/directory': Get https://acme-v02.api.letsencrypt.org/directory: dial tcp: lookup acme-v02.api.letsencrypt.org: no such host
Is this a problem, TSplus is aware of?
Michael
Re: TSplus fails to update letsencrypt SSL certificate
I discovered a strange behavior when sending a ping to amce-v02.api.letsencrypt.org:
Michael
- my first ping shows "unable to reach host"
- my second ping on the same address shows a correct answer from that server
Michael