NetTalk Central

NetTalk Web Server => Web Server - Ask For Help => Topic started by: CaseyR on December 04, 2020, 12:58:23 PM

Title: NT 11.48 problem renewing Lets Encrypt certificate
Post by: CaseyR on December 04, 2020, 12:58:23 PM

Hi, Bruce

I was glad to get your notice about Lets Encrypt and NT11.48 because I was encountering problems renewing a certificate.  Unfortunately, after updating NT the problem remains.  I have attached the DebugView output for the attempt with one edit.  At line 30 there was very long string starting '{"protected": ' which had what looked like an encryption and its key.  Without knowing what it was I didn't think it would be wise to post it to a public forum. If you need the contents of that string, happy to post or email them.

Thanks a lot.

BTW, is there any hope that LE will go to longer certificate periods?

Title: Re: NT 11.48 problem renewing Lets Encrypt certificate
Post by: CaseyR on December 04, 2020, 02:10:42 PM

Would help if I included the attachment

Title: Re: NT 11.48 problem renewing Lets Encrypt certificate
Post by: Richard I on December 04, 2020, 06:15:22 PM

11.48 creates a certificate for me, provided there is no certificate folder in the programs folder
If there is a certificate folder then the fetching routine hangs on the third dialog line.
Cheers
Richard

Title: Re: NT 11.48 problem renewing Lets Encrypt certificate
Post by: CaseyR on December 07, 2020, 04:13:45 PM

And today it is suddenly working properly. Nothing was changed, it just started working.  Good, I guess, but sure wish I knew what caused it.

Thanks anyway.

Title: Re: NT 11.48 problem renewing Lets Encrypt certificate
Post by: Richard I on December 07, 2020, 04:47:09 PM

Did you get a new certificate , even though you may have had an existing Certificate folder?
Regards,
Richard

Title: Re: NT 11.48 problem renewing Lets Encrypt certificate
Post by: Richard I on December 07, 2020, 04:58:59 PM

Yes,
Previously following the apparent failure,  I renamed the existing folder and started fresh.
Today, following your post, I have just tested with an existing certificate folder in place,  containing  a certifcate with issue date of 6 December and now, Im pleased to say that I  have a new certificate dated 8 December.
So as you say , "good!"
Cheers
Richard

Title: Re: NT 11.48 problem renewing Lets Encrypt certificate
Post by: CaseyR on December 09, 2020, 11:29:50 AM

In my case, I didn't do anything. Didn't change the certificate folder; didn't remove the old certificate. Just fired up the app and it ran through the process completely, instead of stopping at the same point it had for the last few days. I should mention I was well into the last month of the certificate's validity before things started working properly.

Title: Re: NT 11.48 problem renewing Lets Encrypt certificate
Post by: Bruce on December 09, 2020, 07:24:33 PM

>> BTW, is there any hope that LE will go to longer certificate periods?

For various security reasons, shorter periods are desirable, not longer ones. This is filtering through to browsers as well - they used to accept anything up to 10 year expiry dates, now it's limited to 1 year.

So no, I don't think LE will go longer, if anything they may go shorter (although that seems unlikely at this point).

Regarding your errors Casey;
the on-screen log on the settings tab would have been most useful as well.

And - am I correct in saying that your server machine is behind a Proxy server when making _outgoing_ requests? Are you running any AV on this server?

Cheers
Bruce

Title: Re: NT 11.48 problem renewing Lets Encrypt certificate
Post by: CaseyR on December 10, 2020, 01:43:28 PM

Thanks, Bruce

Might be the AV. I let the Malware Bytes trial expire a few days ago.

If the problem happens again next month, I will send you the activity log as well as the Debug output.