Let's Encrypt Certificates Not Renewing [message #151589] Mon, 09 May 2022 17:02
dbosiljevac
Hi all,

When KC 9.4 was released I switched over from having an NGINX reverse-proxy in front of my Kerio Connect, to having direct access and using Let's Encrypt certificates configured natively. I noticed last week that a bunch of my certificates were not getting renewed in time. Has anyone else experienced this behaviour?

Thanks,

Dave
Re: Let's Encrypt Certificates Not Renewing [message #151590 is a reply to message #151589] Mon, 09 May 2022 23:28
chrisc
Hi dbosiljevac, just a kind reminder that our technical support team is always there to lend a helping hand with whatever issue you are facing.

Chris Contorinis
Customer Care Specialist
GFI Software
Re: Let's Encrypt Certificates Not Renewing [message #151595 is a reply to message #151589] Tue, 10 May 2022 14:14
boisbleu
dbosiljevac wrote on Mon, 09 May 2022 17:02
Has anyone else experienced this behaviour?
Yes. During the beta test I thought the mistake was on my side, but as the next renewal didn't work either, I switched back to commercial encryption, because a 3-year certificate is cheaper than one hour of support. :-/
Re: Let's Encrypt Certificates Not Renewing [message #151598 is a reply to message #151595] Tue, 10 May 2022 17:12
freakinvibe
You can only have 1-year public certificates maximum. 3-year certificates have been prohibited for a long time now.

Anyhow, I understand that getting support can easily be more expensive than a certificate. Ideally, Let's Encrypt is set and forget and then it works well. If you get problems, it can be quite time-consuming to sort those out. From your screenshot, it seems strange to me that a certificate has been issued every day. As far as I understand Let's Encrypt, a certificate is valid for 90 days, and 30 days before expiry Let's Encrypt will try to renew.

So yes, you should open a ticket with support and check why this does not work for you.


Dexion Services AG - IT Support Services in Basel, Switzerland
https://dexionag.ch
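
An added example, not part of the original thread: a small Python monitor for the two symptoms discussed above, a certificate that is inside the 30-day renewal window but has not been replaced, and certificates issued far more often than a 90-day lifetime warrants. The function names, the 7-day re-issue threshold and the sample certificate dates are assumptions constructed for illustration; `check_host` looks only at the HTTPS listener on port 443.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

RENEW_WINDOW = timedelta(days=30)    # renewal is expected once this little validity is left
MIN_REISSUE_GAP = timedelta(days=7)  # assumed threshold for "issued far too often"

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns (90-day lifetime).
SAMPLE_CERT = {"notBefore": "Mar  1 00:00:00 2022 GMT",
               "notAfter": "May 30 00:00:00 2022 GMT"}

def cert_time(value):
    """Convert a getpeercert() time string to an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), tz=timezone.utc)

def renewal_status(cert, now):
    """Classify a certificate against the 30-day renewal window."""
    remaining = cert_time(cert["notAfter"]) - now
    if remaining <= timedelta(0):
        return "EXPIRED"
    if remaining < RENEW_WINDOW:
        return "RENEWAL_OVERDUE"  # a renewal should already have happened
    return "OK"

def short_reissue_gaps(issued, min_gap=MIN_REISSUE_GAP):
    """Return (earlier, later) pairs of issuance times closer together than min_gap."""
    ordered = sorted(issued)
    return [(a, b) for a, b in zip(ordered, ordered[1:]) if b - a < min_gap]

def check_host(host, port=443, now=None):
    """Fetch the live certificate over TLS and classify it (needs network access)."""
    now = now or datetime.now(timezone.utc)
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=10) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return renewal_status(tls.getpeercert(), now)
    except ssl.SSLCertVerificationError as exc:
        # Expired, self-signed or mismatched certificates fail verification here.
        return "INVALID: " + exc.verify_message

if __name__ == "__main__":
    # Offline demonstration on the constructed sample certificate.
    for day in (datetime(2022, 4, 15, tzinfo=timezone.utc),
                datetime(2022, 5, 9, tzinfo=timezone.utc),
                datetime(2022, 6, 1, tzinfo=timezone.utc)):
        print(day.date(), renewal_status(SAMPLE_CERT, day))
```

Run from cron or a monitoring agent, `check_host("mail.example.com")` (a placeholder hostname) gives an alert well before clients start seeing certificate errors.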
Re: Let's Encrypt Certificates Not Renewing [message #151749 is a reply to message #151598] Sun, 29 May 2022 19:59
ikheetleon
The whole Let's Encrypt implementation is a complete shitshow. I had a reverse proxy for certs as well. Worked fine. Decided to switch to native Let's Encrypt support, but my certs won't renew. It seems the issue is when you have the security option "require encrypted connections" enabled. So now every 2 months I switch to insecure connections, renew all certs (getting bug report messages during that task) and wait for another 2 months. I don't know what brilliant mind thought that having insecure connections to a mailserver would be fine. Am looking into migrating my stuff away from Kerio Connect, it just keeps getting worse.
Re: Let's Encrypt Certificates Not Renewing [message #152057 is a reply to message #151749] Sat, 25 June 2022 10:48
brauner
<wrong forum>

Re: Let's Encrypt Certificates Not Renewing [message #152058 is a reply to message #151749] Sat, 25 June 2022 15:27
Backspin
ikheetleon wrote on Sun, 29 May 2022 19:59
The whole Let's Encrypt implementation is a complete shitshow. I had a reverse proxy for certs as well. Worked fine. Decided to switch to native Let's Encrypt support, but my certs won't renew. It seems the issue is when you have the security option "require encrypted connections" enabled. So now every 2 months I switch to insecure connections, renew all certs (getting bug report messages during that task) and wait for another 2 months. I don't know what brilliant mind thought that having insecure connections to a mailserver would be fine. Am looking into migrating my stuff away from Kerio Connect, it just keeps getting worse.
Works fine here with "require encrypted connections" enabled. Have you checked that your reverse proxy isn't still in front of Kerio by accident? That would explain your problem.


Re: Let's Encrypt Certificates Not Renewing [message #152061 is a reply to message #152058] Sun, 26 June 2022 19:00
ikheetleon
Backspin wrote on Sat, 25 June 2022 15:27
ikheetleon wrote on Sun, 29 May 2022 19:59
The whole Let's Encrypt implementation is a complete shitshow. I had a reverse proxy for certs as well. Worked fine. Decided to switch to native Let's Encrypt support, but my certs won't renew. It seems the issue is when you have the security option "require encrypted connections" enabled. So now every 2 months I switch to insecure connections, renew all certs (getting bug report messages during that task) and wait for another 2 months. I don't know what brilliant mind thought that having insecure connections to a mailserver would be fine. Am looking into migrating my stuff away from Kerio Connect, it just keeps getting worse.
Works fine here with "require encrypted connections" enabled. Have you checked that your reverse proxy isn't still in front of Kerio by accident? That would explain your problem.
Nope, reverse proxy is gone. Triple checked that.
Re: Let's Encrypt Certificates Not Renewing [message #152063 is a reply to message #152061] Sun, 26 June 2022 23:54
Backspin
Have you tried https://letsdebug.net to check? Helped me out several times.

Re: Let's Encrypt Certificates Not Renewing [message #152525 is a reply to message #152063] Fri, 19 August 2022 10:53
phil68
I'm in the same boat as ikheetleon - certificates are not renewing, I'm getting JavaScript errors when trying to renew manually. Turning on and off encrypted connections didn't help either because the JavaScript error - missing library or such - stopped triggering the process of renewing.
https://letsdebug.net says everything is fine (should be anyway otherwise the initial certificates couldn't be issued).

I then created a self-signed certificate, set as standard, then tried a renew again - bumm, server not responding anymore for minutes until I restarted from Linux console. After this and turning off encryption I could renew, wow!
Since I manage a number of servers I can just say: No way going for such a procedure manually every 3 months...

So in my opinion the Let's Encrypt implementation is not really working as it is supposed to do - my socat solution I used before did work for a long time without causing such a headache.