NetTalk Central

NetTalk Web Server => Web Server - Ask For Help => Topic started by: Alberto on February 14, 2018, 05:40:35 AM

Title: Suddenly the WS server does not get the LE cert
Post by: Alberto on February 14, 2018, 05:40:35 AM
Hi,
Suddenly the WS server does not get the LE cert, I'm getting:

[ 2/14/18-10:35:15]  Unable to get certificate - Challenge was invalid
[ 2/14/18-10:35:15]  Status: "invalid"
[ 2/14/18-10:35:15]  Checking Status
[ 2/14/18-10:35:10]  Status: "pending"
[ 2/14/18-10:35:10]  Checking Status
[ 2/14/18-10:35:10]  Notify Server Challenge is Ready
[ 2/14/18-10:35:09]  LE Server will now fetch http://www.doctoranyplace.com:80/.well-known/acme-challenge/jMVG_dU5kEA8iTaBBPz3VJSzePqSlW9LjcRLbBQxxMY

I've deleted ACME and certificates and restarted and re-got the certs and nothing.
Problem is users just can't connect even using port 80, maybe because the browser remembers it has to use https, but it's difficult to explain to each user how to get rid of it.

Please Bruce, help!
Title: Re: Suddenly the WS server does not get the LE cert
Post by: Alberto on February 14, 2018, 09:08:43 AM
I've
- changed the ACME dir to c:/xxxx/web
- changed the A registry from Forwarded to the IP
I don't know who could have changed the A reg, I'm sure it was ok.
And now LE cert works ok.

My problem is:
How to explain to the user to use port 80 instead of https when the browser refuses to do it?
Title: Re: Suddenly the WS server does not get the LE cert
Post by: Bruce on February 14, 2018, 11:05:14 PM
Hi Alberto,

>> How to explain the user to use port 80 instead of https when the browser refuse to do it?

Your site is either secure, or it's not.
Getting users to use the "unsecure" http just because you've broken the https is not a good approach at all. Browsers know the site is https, and "tricking" it to go back to http is a very (very) bad idea.

The root of the problem of course is why the certificate update failed.
The first point when that happens is to go to
http://www.capesoft.com/docs/NetTalk10/NetTalkWebSecure.htm#Troubleshooting
and work through the steps there.

The LE process seems to be working really well, and with the docs, it's possible to easily debug it to see where the problem is.

cheers
Bruce
Title: Re: Suddenly the WS server does not get the LE cert
Post by: DonRidley on February 15, 2018, 05:15:54 AM
Alberto,

The Let's Encrypt certificate functions appear to be working great on my end.  In fact, I just had my first auto "renew" occur.  I checked my NTWS running on my VM and noticed the certificates' dates had changed.  Pretty cool.

Don
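
Added example, not part of the original thread and not NetTalk code: a pre-flight check for the two things changed in the second post, the A record and the folder that serves /.well-known/acme-challenge/ on port 80. The function names, the `web_root` parameter and the probe file name are assumptions made for this sketch.

```python
import socket
import urllib.request
from pathlib import Path

def resolve_a(host):
    """Return the IPv4 addresses the public name resolves to."""
    infos = socket.getaddrinfo(host, 80, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}

def fetch_http(url):
    """Fetch over plain HTTP, as the CA does; return (final_url, body)."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.geturl(), resp.read().decode("utf-8", "replace")

def preflight(host, server_ip, web_root, resolve=resolve_a, fetch=fetch_http):
    """List the problems that would make an HTTP-01 challenge come back invalid.

    host, server_ip and web_root are supplied by the caller (assumed names);
    resolve and fetch can be replaced with stubs for offline testing.
    """
    problems = []
    try:
        addrs = resolve(host)
        if server_ip not in addrs:
            problems.append(f"A record for {host} is {sorted(addrs)}, not {server_ip}")
    except OSError as exc:
        problems.append(f"A record lookup failed for {host}: {exc}")
    # Write a probe where the server would place a challenge token.
    probe_dir = Path(web_root) / ".well-known" / "acme-challenge"
    probe_dir.mkdir(parents=True, exist_ok=True)
    probe = probe_dir / "preflight-probe"
    expected = "preflight-ok"
    probe.write_text(expected)
    try:
        url = f"http://{host}:80/.well-known/acme-challenge/{probe.name}"
        final_url, body = fetch(url)
        if body.strip() != expected:
            problems.append(f"probe content mismatch, served by {final_url}")
    except OSError as exc:
        problems.append(f"probe not reachable on port 80: {exc}")
    finally:
        probe.unlink()  # never leave the probe behind in the web folder
    return problems
```

An empty list means the name points at this server and the folder is the one being served on port 80; run it from a machine outside the network so the lookup and the fetch take the same path the CA's request does.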