Let's Encrypt Certificates Not Renewing [message #151589]
Mon, 09 May 2022 17:02
dbosiljevac
Messages: 15 Registered: April 2015
Hi all,
When KC 9.4 was released I switched over from having an NGINX reverse-proxy in front of my Kerio Connect, to having direct access and using Let's Encrypt certificates configured natively. I noticed last week that a bunch of my certificates were not getting renewed in time. Has anyone else experienced this behaviour?
Thanks,
Dave
Re: Let's Encrypt Certificates Not Renewing [message #151595 is a reply to message #151589]
Tue, 10 May 2022 14:14
boisbleu
Messages: 62 Registered: May 2015
dbosiljevac wrote on Mon, 09 May 2022 17:02:
> Has anyone else experienced this behaviour?
Yes. During the beta test I thought the mistake was on my side, but as the next renewal didn't work again, I switched back to commercial encryption, because a 3-year certificate is cheaper than one hour of support. :-/
Re: Let's Encrypt Certificates Not Renewing [message #151749 is a reply to message #151598]
Sun, 29 May 2022 19:59
ikheetleon
Messages: 31 Registered: January 2008
The whole Let's Encrypt implementation is a complete shitshow. I had a reverse proxy for certs as well. Worked fine. Decided to switch to native Let's Encrypt support, but my certs won't renew. It seems the issue is when you have the security option "require encrypted connections" enabled. So now every 2 months I switch to insecure connections, renew all certs (getting bug report messages during that task) and wait for another 2 months. I don't know what brilliant mind thought that having insecure connections to a mailserver would be fine. Am looking into migrating my stuff away from Kerio Connect, it just keeps getting worse.
Re: Let's Encrypt Certificates Not Renewing [message #152061 is a reply to message #152058]
Sun, 26 June 2022 19:00
ikheetleon
Messages: 31 Registered: January 2008
Backspin wrote on Sat, 25 June 2022 15:27:
> ikheetleon wrote on Sun, 29 May 2022 19:59:
>> The whole Let's Encrypt implementation is a complete shitshow. I had a reverse proxy for certs as well. Worked fine. Decided to switch to native Let's Encrypt support, but my certs won't renew. It seems the issue is when you have the security option "require encrypted connections" enabled. So now every 2 months I switch to insecure connections, renew all certs (getting bug report messages during that task) and wait for another 2 months. I don't know what brilliant mind thought that having insecure connections to a mailserver would be fine. Am looking into migrating my stuff away from Kerio Connect, it just keeps getting worse.
> Works fine here with "require encrypted connections" enabled. Have you checked that your reverse proxy isn't still in front of Kerio by accident? That would explain your problem.
Nope, reverse proxy is gone. Triple checked that.
Re: Let's Encrypt Certificates Not Renewing [message #152525 is a reply to message #152063]
Fri, 19 August 2022 10:53
phil68
Messages: 22 Registered: January 2013
I'm in the same boat as ikheetleon - certificates are not renewing, I'm getting JavaScript errors when trying to renew manually. Turning on and off encrypted connections didn't help either because the JavaScript error - missing library or such - stopped triggering the process of renewing.
https://letsdebug.net says everything is fine (should be anyway, otherwise the initial certificates couldn't be issued).
I then created a self-signed certificate, set as standard, then tried a renew again - bumm, server not responding anymore for minutes until I restarted from Linux console. After this and turning off encryption I could renew, wow!
Since I manage a number of servers I can just say: No way going for such a procedure manually every 3 months...
So in my opinion the Let's Encrypt implementation is not really working as it is supposed to do - my socat solution I used before did work for a long time without causing such headache.