NetTalk Central

Author Topic: certificate error i need help urgent  (Read 5898 times)

osquiabro

  • Hero Member
  • *****
  • Posts: 687
    • View Profile
    • Email
certificate error i need help urgent
« on: June 26, 2022, 05:09:54 AM »
i try multiple options inclusive delete de certificate directory, the cmd for generate the certificate run but at final fire this error, the firewall is off an the port 443 and 80 is open

The requested connection to acme-v02.api.letsencrypt.org could not be opened. The Open command timed out or failed to connect


Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11250
    • View Profile
Re: certificate error i need help urgent
« Reply #1 on: June 27, 2022, 12:46:19 AM »
Posting the log of the certificate process, or emailing that to me, may give clues as to what is happening.
Also, which build of NetTalk are you using?

osquiabro

  • Hero Member
  • *****
  • Posts: 687
    • View Profile
    • Email
Re: certificate error i need help urgent
« Reply #2 on: June 27, 2022, 03:09:36 AM »
the version is NT12.37 and the log i believe is this, my certificate expired yesterday.

[ 6/27/22- 7:05:21]  The requested connection to acme-v02.api.letsencrypt.org could not be opened. The Open command timed out or failed to connect
[ 6/27/22- 7:05:21]  Time to update the certificate fecipur.org
[ 6/27/22- 7:05:21]  C:\Apps\FecipurV12\certificates\fecipur.org.crt does not exist
[ 6/27/22- 7:05:21]  Setting Folders for Domain [fecipur.org]
[ 6/27/22- 7:05:21]  Created C:\Apps\FecipurV12\certificates\ciclismopr.net.csr.der
[ 6/27/22- 7:05:21]  Setting Folders for Domain [ciclismopr.net]
[ 6/27/22- 7:05:21]  Created C:\Apps\FecipurV12\certificates\fecipur.net.csr.der
[ 6/27/22- 7:05:20]  Setting Folders for Domain [fecipur.net]
[ 6/27/22- 7:05:20]  Created C:\Apps\FecipurV12\certificates\fecipur.org.csr.der
[ 6/27/22- 7:05:20]  Setting Folders for Domain [fecipur.org]
[ 6/27/22- 7:05:20]  Created C:\Apps\FecipurV12\certificates\fecipur-LE.key
[ 6/27/22- 7:05:18]  Created C:\Apps\FecipurV12\certificates\fecipur-CA.crt
[ 6/27/22- 7:05:17]  Created C:\Apps\FecipurV12\certificates\fecipur-CA.key

osquiabro

  • Hero Member
  • *****
  • Posts: 687
    • View Profile
    • Email
Re: certificate error i need help urgent
« Reply #3 on: June 27, 2022, 04:36:25 AM »
It just worked, I don't know what the solution was, compile in 12.41 delete the certificate directory and copy the CARoot.Pem and now it worked, but I had never had the CARoot.Pem and it worked

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11250
    • View Profile
Re: certificate error i need help urgent
« Reply #4 on: June 28, 2022, 09:57:41 PM »
almost certainly the missing caroot.pem
At least you will definitly get this error if that is missing.

For NetTalk 14 I've added an extra test, and the log will show if the file is missing.

osquiabro

  • Hero Member
  • *****
  • Posts: 687
    • View Profile
    • Email
Re: certificate error i need help urgent
« Reply #5 on: July 05, 2022, 03:15:12 PM »
another site certificate error,  only one domain is generate track.magictransport.com the tracking.magictransport.com not generate

webtrack.magictransport.com
track.magictransport.com
tracking.magictransport.com

what is this error: The URL for the Fetch command was blank

and webtrack.magictransport.com generate a certificate but don't load styles

[ 7/05/22-18:38:37]  The URL for the Fetch command was blank
[ 7/05/22-18:38:37]  Get Authorize tracking.magictransport.com
[ 7/05/22-18:38:36]  Authorize Request tracking.magictransport.com
[ 7/05/22-18:38:35]  Registering Account magictransport at  https://acme-v02.api.letsencrypt.org/acme/new-acct
[ 7/05/22-18:38:34]  Time to update the certificate tracking.magictransport.com
[ 7/05/22-18:38:34]  C:\WebApps\certificates\tracking.magictransport.com.crt does not exist
[ 7/05/22-18:38:34]  Setting Folders for Domain [tracking.magictransport.com]
[ 7/05/22-18:38:34]  Dates: track.magictransport.com From: 5 JUL 2022 To: 3 OCT 2022
[ 7/05/22-18:38:33]  Setting Folders for Domain [track.magictransport.com]
[ 7/05/22-18:38:33]  Dates: webtrack.magictransport.com From: 5 JUL 2022 To: 3 OCT 2022
[ 7/05/22-18:38:33]  Setting Folders for Domain [webtrack.magictransport.com]
[ 7/05/22-18:38:33]  Certificate received For track.magictransport.com
[ 7/05/22-18:38:33]  Requesting Certificate For track.magictransport.com
[ 7/05/22-18:38:32]  Finalized. Will now fetch certificate
[ 7/05/22-18:38:32]  Finalize Request track.magictransport.com
[ 7/05/22-18:38:31]  Hostname resolved to: 67.206.199.66
[ 7/05/22-18:38:31]  Challenge was valid. Will now finalize
[ 7/05/22-18:38:31]  Status: "valid"
[ 7/05/22-18:38:31]  Get Authorize track.magictransport.com
[ 7/05/22-18:38:31]  Checking Status
[ 7/05/22-18:38:23]  Status: "pending"
[ 7/05/22-18:38:23]  Setting Folders for Domain [track.magictransport.com]
[ 7/05/22-18:38:23]  Setting Folders for Domain [track.magictransport.com]
[ 7/05/22-18:38:23]  Setting Folders for Domain [track.magictransport.com]
[ 7/05/22-18:38:23]  Setting Folders for Domain [track.magictransport.com]
[ 7/05/22-18:38:22]  Get Authorize track.magictransport.com
[ 7/05/22-18:38:22]  Checking Status
[ 7/05/22-18:38:22]  Notify Server Challenge is Ready
[ 7/05/22-18:38:21]  LE Server will now fetch http://track.magictransport.com:80/.well-known/acme-challenge/d4pnUxBYpfYBgUc8JFOAqtpbEmptQJjwLbIgmFuFUCs
[ 7/05/22-18:38:21]  Challenge Token Saved C:\WebApps\web\.well-known\acme-challenge\d4pnUxBYpfYBgUc8JFOAqtpbEmptQJjwLbIgmFuFUCs
[ 7/05/22-18:38:21]  Get Authorize track.magictransport.com
[ 7/05/22-18:38:20]  Authorize Request track.magictransport.com
[ 7/05/22-18:38:20]  Registering Account magictransport at  https://acme-v02.api.letsencrypt.org/acme/new-acct
[ 7/05/22-18:38:18]  Time to update the certificate track.magictransport.com
[ 7/05/22-18:38:18]  C:\WebApps\certificates\track.magictransport.com.crt does not exist
[ 7/05/22-18:38:18]  Setting Folders for Domain [track.magictransport.com]
[ 7/05/22-18:38:18]  Dates: webtrack.magictransport.com From: 5 JUL 2022 To: 3 OCT 2022
[ 7/05/22-18:38:18]  Setting Folders for Domain [webtrack.magictransport.com]
[ 7/05/22-18:38:18]  Certificate received For webtrack.magictransport.com
[ 7/05/22-18:38:17]  Requesting Certificate For webtrack.magictransport.com
[ 7/05/22-18:38:17]  Finalized. Will now fetch certificate
[ 7/05/22-18:38:16]  Finalize Request webtrack.magictransport.com
[ 7/05/22-18:38:16]  Hostname resolved to: 67.206.199.66
[ 7/05/22-18:38:16]  Challenge was valid. Will now finalize
[ 7/05/22-18:38:16]  Status: "valid"
[ 7/05/22-18:38:15]  Get Authorize webtrack.magictransport.com
[ 7/05/22-18:38:15]  Checking Status
[ 7/05/22-18:38:10]  Setting Folders for Domain [webtrack.magictransport.com]
[ 7/05/22-18:38:10]  Status: "pending"
[ 7/05/22-18:38:10]  Setting Folders for Domain [webtrack.magictransport.com]
[ 7/05/22-18:38:09]  Setting Folders for Domain [webtrack.magictransport.com]
[ 7/05/22-18:38:09]  Setting Folders for Domain [webtrack.magictransport.com]
[ 7/05/22-18:38:09]  Get Authorize webtrack.magictransport.com
[ 7/05/22-18:38:09]  Checking Status
[ 7/05/22-18:38:08]  Notify Server Challenge is Ready
[ 7/05/22-18:38:08]  LE Server will now fetch http://webtrack.magictransport.com:80/.well-known/acme-challenge/M0aWGATfD3meCWITlojgtb11KBSgUr2BQd6lTiL7PeM
[ 7/05/22-18:38:08]  Challenge Token Saved C:\WebApps\web\.well-known\acme-challenge\M0aWGATfD3meCWITlojgtb11KBSgUr2BQd6lTiL7PeM
[ 7/05/22-18:38:08]  Get Authorize webtrack.magictransport.com
[ 7/05/22-18:38:07]  Authorize Request webtrack.magictransport.com
[ 7/05/22-18:38:06]  Registering Account magictransport at  https://acme-v02.api.letsencrypt.org/acme/new-acct
[ 7/05/22-18:38:04]  Time to update the certificate webtrack.magictransport.com
[ 7/05/22-18:38:04]  C:\WebApps\certificates\webtrack.magictransport.com.crt does not exist
[ 7/05/22-18:38:04]  Setting Folders for Domain [webtrack.magictransport.com]
[ 7/05/22-18:38:04]  Created C:\WebApps\certificates\tracking.magictransport.com.csr.der
[ 7/05/22-18:38:04]  Created C:\WebApps\certificates\tracking.magictransport.com.csr
[ 7/05/22-18:38:04]  Created C:\WebApps\certificates\tracking.magictransport.com.key
[ 7/05/22-18:37:53]  Setting Folders for Domain [tracking.magictransport.com]
[ 7/05/22-18:37:53]  Created C:\WebApps\certificates\track.magictransport.com.csr.der
[ 7/05/22-18:37:52]  Created C:\WebApps\certificates\track.magictransport.com.csr
[ 7/05/22-18:37:52]  Created C:\WebApps\certificates\track.magictransport.com.key
[ 7/05/22-18:37:49]  Setting Folders for Domain [track.magictransport.com]
[ 7/05/22-18:37:49]  Created C:\WebApps\certificates\webtrack.magictransport.com.csr.der
[ 7/05/22-18:37:49]  Created C:\WebApps\certificates\webtrack.magictransport.com.csr
[ 7/05/22-18:37:48]  Created C:\WebApps\certificates\webtrack.magictransport.com.key
[ 7/05/22-18:37:45]  Setting Folders for Domain [webtrack.magictransport.com]
[ 7/05/22-18:37:45]  Created C:\WebApps\certificates\magictransport-LE.key
[ 7/05/22-18:37:39]  Created C:\WebApps\certificates\magictransport-CA.crt
[ 7/05/22-18:37:39]  Created C:\WebApps\certificates\magictransport-CA.key

Jane

  • Sr. Member
  • ****
  • Posts: 372
  • Expert on nothing with opinions on everything.
    • View Profile
    • Email
Re: certificate error i need help urgent
« Reply #6 on: July 05, 2022, 04:59:42 PM »
These observations may have nothing to do with your problem, but interesting anyway...

It does seem that you requested tracking.magictransport.com 5 times today prior to this current log that you're showing. 
(This link lets you click on each certificate and see when it was processed: https://crt.sh/?q=magictransport.com)

Let's Encrypt rate limits are spelled out here: https://letsencrypt.org/docs/rate-limits/

I haven't delved into Let's Encrypt enough to understand what they mean by "accounts"... but the linked document says "You can create a maximum of 10 Accounts per IP Address per 3 hours". 
I notice from your NetTalk log that each of the requests includes a log entry " Registering Account magictransport...."
Again, I don't know if Let's Encrypt considers that "creating" an account, which they limit to 10 per IP address per 3 hours.  (Is it possible to re-use an account rather than "registering" it each time?  Bruce would know, I don't.)

But if you click the links in the crt.sh link, the first timestamp for 7/5/2022 is 21:04:53 UTC and the newest is 22:57:08 UTC.  So that's 11 within less than 2 hours.

FWIW.

Cheers,

Jane



osquiabro

  • Hero Member
  • *****
  • Posts: 687
    • View Profile
    • Email
Re: certificate error i need help urgent
« Reply #7 on: July 06, 2022, 02:53:20 AM »
Jane, thanks for a link and it was me trying to renew, is my primary customer and need immediate support, but the other issue is the webtrack.magictransport.com, the certificate is created but don't why the style is not loaded.

Does anyone have a certificate that is not LetsenCrypt and how is it implemented with NT?

Jane

  • Sr. Member
  • ****
  • Posts: 372
  • Expert on nothing with opinions on everything.
    • View Profile
    • Email
Re: certificate error i need help urgent
« Reply #8 on: July 06, 2022, 07:44:21 AM »
I don't understand what the style has to do with the certificate?  Is this a new server?  Has it EVER worked?  If I'm connecting to the right site (second pic), it seems to have a valid certificate and is getting CSS. ??

As for a certificate that is not Let's Encrypt, the pic below is an NT server using a DigiCert cert.  Is that what you're asking?


osquiabro

  • Hero Member
  • *****
  • Posts: 687
    • View Profile
    • Email
Re: certificate error i need help urgent
« Reply #9 on: July 06, 2022, 07:59:26 AM »
humm, thanks again Jane, the problem is Avast Browser that is my default, take a look of my problem

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11250
    • View Profile
Re: certificate error i need help urgent
« Reply #10 on: July 06, 2022, 10:18:47 PM »
Hi Osa,

If you are seeing any data from the web server then the TLS connection has been made, which means the certificate is working.
So it seems you have cleared that hurdle at least.

>> but don't why the style is not loaded.

Because it's not in the web folder, as specified in your program.
So first, check your runtime settings on the settings / site tab. There is a setting for the web folder there.
then go to that folder in windows explorer. See if the necessary style, theme and script folders are there, and populated with your files.

A good test to see if it's working;
On the page you currently see, do a right-click and "view source". You should see a list of js and css files. Click on one of those to see the contents of that file. If you get a 404 (File not found) error then you have not set your server web folder correctly.

Cheers
Bruce

osquiabro

  • Hero Member
  • *****
  • Posts: 687
    • View Profile
    • Email
Re: certificate error i need help urgent
« Reply #11 on: July 07, 2022, 02:25:20 AM »
Hi Bruce the certificate is create for two sub-domains but failed in one https://tracking.magictransport.com/ look the error:

[ 7/07/22- 6:23:26]  The URL for the Fetch command was blank
[ 7/07/22- 6:23:26]  Get Authorize tracking.magictransport.com
[ 7/07/22- 6:23:26]  Authorize Request tracking.magictransport.com
[ 7/07/22- 6:23:25]  Registering Account magictransport at  https://acme-v02.api.letsencrypt.org/acme/new-acct
[ 7/07/22- 6:23:23]  Time to update the certificate tracking.magictransport.com
[ 7/07/22- 6:23:23]  C:\WebApps\certificates\tracking.magictransport.com.crt does not exist
[ 7/07/22- 6:23:23]  Setting Folders for Domain [tracking.magictransport.com]

the problem with styles is in Avast Browser and in developer mode i saw the styles, themes and js

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11250
    • View Profile
Re: certificate error i need help urgent
« Reply #12 on: July 07, 2022, 05:11:25 AM »
I think you might best be helped by coming to the webinar today. It seems like you are mixing multiple questions together here, so it's hard to answer.

osquiabro

  • Hero Member
  • *****
  • Posts: 687
    • View Profile
    • Email
Re: certificate error i need help urgent
« Reply #13 on: July 07, 2022, 08:21:00 AM »
the most important is this:

[ 7/07/22- 6:23:26]  The URL for the Fetch command was blank
[ 7/07/22- 6:23:26]  Get Authorize tracking.magictransport.com
[ 7/07/22- 6:23:26]  Authorize Request tracking.magictransport.com
[ 7/07/22- 6:23:25]  Registering Account magictransport at  https://acme-v02.api.letsencrypt.org/acme/new-acct
[ 7/07/22- 6:23:23]  Time to update the certificate tracking.magictransport.com
[ 7/07/22- 6:23:23]  C:\WebApps\certificates\tracking.magictransport.com.crt does not exist
[ 7/07/22- 6:23:23]  Setting Folders for Domain [tracking.magictransport.com]

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11250
    • View Profile
Re: certificate error i need help urgent
« Reply #14 on: July 07, 2022, 08:15:16 PM »
run debugview++ on the machine and see what it shows. Ideally you want to see all the text for the connection to the LE server - and what the specific response was.

If you don't see the request / response in debugview++ then add the following conditional compiles to your program and try again;

NetShowSend=>1
NetShowReceive=>1

Cheers
Bruce