NetTalk Central

Topic: Suddenly the WS server does not get the LE cert

Alberto

Suddenly the WS server does not get the LE cert
« on: February 14, 2018, 05:40:35 AM »
Hi,
Suddenly the WS server does not get the LE cert, I'm getting:

[ 2/14/18-10:35:15]  Unable to get certificate - Challenge was invalid
[ 2/14/18-10:35:15]  Status: "invalid"
[ 2/14/18-10:35:15]  Checking Status
[ 2/14/18-10:35:10]  Status: "pending"
[ 2/14/18-10:35:10]  Checking Status
[ 2/14/18-10:35:10]  Notify Server Challenge is Ready
[ 2/14/18-10:35:09]  LE Server will now fetch http://www.doctoranyplace.com:80/.well-known/acme-challenge/jMVG_dU5kEA8iTaBBPz3VJSzePqSlW9LjcRLbBQxxMY

I've deleted ACME and the certificates, restarted, and tried to get the certs again, and nothing.
The problem is users just can't connect even using port 80, maybe because the browser remembers it has to use https, but it's difficult to explain to each user how to get rid of it.

Please Bruce, help!
-----------
Regards
Alberto

Alberto

Re: Suddenly the WS server does not get the LE cert
« Reply #1 on: February 14, 2018, 09:08:43 AM »
I've:
- changed the ACME dir to c:/xxxx/web
- changed the A record from Forwarded to the IP
I don't know who could have changed the A record, I'm sure it was OK.
And now the LE cert works OK.

My problem is:
How to explain to the user to use port 80 instead of https when the browser refuses to do it?
-----------
Regards
Alberto

Bruce

Re: Suddenly the WS server does not get the LE cert
« Reply #2 on: February 14, 2018, 11:05:14 PM »
Hi Alberto,

>> How to explain to the user to use port 80 instead of https when the browser refuses to do it?

Your site is either secure, or it's not.
Getting users to use the "unsecure" http just because you've broken the https is not a good approach at all. Browsers know the site is https, and "tricking" them to go back to http is a very (very) bad idea.

The root of the problem of course is why the certificate update failed.
The first point when that happens is to go to
http://www.capesoft.com/docs/NetTalk10/NetTalkWebSecure.htm#Troubleshooting
and work through the steps there.

The LE process seems to be working really well, and with the docs, it's possible to easily debug it to see where the problem is.

cheers
Bruce

DonRidley

Re: Suddenly the WS server does not get the LE cert
« Reply #3 on: February 15, 2018, 05:15:54 AM »
Alberto,

The Let's Encrypt certificate functions appear to be working great on my end. In fact, I just had my first auto "renew" occur. I checked my NTWS running on my VM and noticed the certificates' dates had changed. Pretty cool.

Don
"Eliminate the impossible, whatever remains, however unlikely, must be the truth."

NetTalk 12.55
Clarion 11