Koozali.org: home of the SME Server

Let's Encrypt error: Certificate authority doesn't allow certificate signing

Offline umbi

Hi to all

I also have a problem and I will appreciate any help...
My server: SME Server 9.2, and unfortunately with both Letsencrypt versions (smeserver-letsencrypt and the dehydrated manually) / all updates done.

Config file is API 2 (also tried with "auto").

If I generate a new domain under V2, there is no problem; after the "dehydrated -c" command it works perfectly.
But if I add a new host address in an old domain (where I think there is an old V1 certificate), I get the following error:

 + Requesting challenge for www.mydomain.com...
 + Already validated!
 + Requesting challenge for newhost.mydomain.com...
  + ERROR: An error occurred while sending post-request to https://acme-v01.api.letsencrypt.org/acme/new-authz (Status 403)

Details:
{
  "type": "urn:acme:error:unauthorized",
  "detail": "Error creating new authz :: Validations for new domains are disabled in the V1 API (https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430)",
  "status": 403
}

In my case, are these the commands to renew all the certificates I have to the V2 API? I'm scared to do it:

config delprop modSSL crt
config delprop modSSL key
config delprop modSSL CertificateChainFile

Thank you in advance for any help

Umbi

Offline ReetP

-Deleted-
« Last Edit: January 15, 2021, 07:42:57 AM by gzartman »
...
1. Read the Manual
2. Read the Wiki
3. Don't ask for support on Unsupported versions of software
4. I have a job, wife, and kids and do this in my spare time. If you want something fixed, please help.

Bugs are easier than you think: http://wiki.contribs.org/Bugzilla_Help

If you love SME and don't want to lose it, join in: http://wiki.contribs.org/Koozali_Foundation

Offline umbi

Hello ReetP

Thank you very much for your fast reply.

Just to be sure I do it right, I do the following steps:

1.)
config delprop modSSL crt
config delprop modSSL key
config delprop modSSL CertificateChainFile

2.)
signal-event console-save
reboot

3.)
config setprop letsencrypt status test
signal-event console-save

4.)
dehydrated -c

If all ok,

5.)
config setprop letsencrypt status enabled
signal-event console-save
+
dehydrated -c -x

6.) at the end
dehydrated --cleanup (-gc)


Is that the right order, and is everything right?

I prefer to ask again to be on the safe side and I appreciate your help very much. :-)


Umbi

Offline ReetP

-Deleted-
« Last Edit: January 15, 2021, 07:42:30 AM by gzartman »

Offline umbi

Hi ReetP

Thank you for your answer and, first of all: HAPPY NEW YEAR!

When are you back from holiday?
I would feel better if you test before, because it's a productive server ;-)

kind regards
Umbi

Offline ReetP

-Deleted-
« Last Edit: January 15, 2021, 07:41:50 AM by gzartman »

Offline waldviertler

Hello !

Since I have the same problem, but all the answers are deleted: was that the way to get dehydrated with API2 running?
Thank you very much for answering!

Hello ReetP

Thank you very much for your fast reply.

Just to be sure I do it right, I do the following steps:

1.)
config delprop modSSL crt
config delprop modSSL key
config delprop modSSL CertificateChainFile

2.)
signal-event console-save
reboot

3.)
config setprop letsencrypt status test
signal-event console-save

4.)
dehydrated -c

If all ok,

5.)
config setprop letsencrypt status enabled
signal-event console-save
+
dehydrated -c -x

6.) at the end
dehydrated --cleanup (-gc)


Is that the right order, and is everything right?

I prefer to ask again to be on the safe side and I appreciate your help very much. :-)


Umbi
« Last Edit: June 02, 2021, 04:24:56 PM by waldviertler »