Synology NAS DSM I want to create a new SSL certificate but always get the failure "The operation failed. please login again and retry" - ssl

As described in the header, I can't create a new SSL certificate with Let's Encrypt on my Synology NAS.
I tried everything, reboot, turn off the firewall, (..) but yet I always get the same failure "The Operation failed. please login again and retry."
Does someone know where the problem could be?
The domain works, I can access it from the internet, but it always uses the standard certificate of Synology, and that's valid.
Thank you for your help and ideas!

I ran into the same problem some months ago. For Let's Encrypt you must provide proper data. If you have multiple alternative names (like www.website.com;website.com;mail.website.com) they must all be valid and provided similar to this list.

Related

Exchange, Replace Expired Certificate

I have an expired five name certificate that I want to replace with a wild card cert. The wild card cert is currently handling SMTP. I want to add IMAP. Because it's a wild card cert I'm following the instructions to use
Set-ImapSettings -X509CertificateName mail.mydomain.com
and I get a response of
WARNING: The command completed successfully but no settings of 'myServer\1' have been modified.
And the wild card cert does not have the IMAP service added.
How do I do this? Do I need to remove the old expired cert first?
This is on premise Exchange 2019
Was able to finally get it working with no clear answer. I wish MS would fix the GUI to show when a wildcard is being used for POP and IMAP. For anyone that comes along after with the same issue, use the online SSL checking tools to see when your connection is secure, and some combination of using the command and a couple of service restarts got it working. It appeared as magic, but there is no magic. Sorry I can't offer any better advice.

Weird SSL certificate error on a domain that previously worked, DDoS related?

The domain in question is https://prophpbb.com
The certificate previously worked without issue. There have been no recent changes or cPanel updates. When trying to debug, the ssl cert being requested is clearly not what I have installed. In fact, it looks empty aside from some cryptic stuff, like the issuer email (see point 2). I suspect there might be DDoS mitigation going on either with HostDime, my datacenter, or globalsign, but I'm really spitballing at this point. I'm basing that on these findings:
1. I can't ping prophpbb.com, but I can ping addaforum.com (on same server)
2. SSL error returns net::ERR_CERT_AUTHORITY_INVALID and when I inspect the certificate, the issuer email is shown as: protect#DDoS-Filter.domain and the domain it's supposedly returning is "server" which is obviously not correct. The cert is issued by globalsign through the alphassl reseller ssl2buy.
What I have done to try to resolve this:
1. revoke the original certificate and reinstall it
2. rebuild cPanel's SSL cache via /scripts/rebuildinstalledssldb
3. restart apache
4. update cPanel from v60 to v62
5. disabling the software firewall (CSF)
I cannot find anything on Twitter regarding a globalsign outage. I put in a ticket at ssl2buy and at HostDime for good measure. Can you help me to understand what this issue is attributed to?
*edit - received a reply from HostDime. This was, indeed, caused by their DDoS mitigation. They resolved it quickly.
I edited the original post to note that it was resolved by the datacenter and it was due to DDoS protection. Replying here to mark it as solved.

Windows 7 not accepting self-signed SSL certificate

I have a problem with a self-signed SSL certificate not being accepted on my Windows 7 box. I need this because the QuickBooks web connector will not address my CRM except over HTTPS, and the CRM is hosted on an intranet-only Linux server.
I followed the instructions here, and then used certmgr.msc to import the certificate on the client machine. The import appeared to be successful, and I can see the certificate in the "Trusted Root" store:
The problem is that it doesn't work; QBWC still reports it can't connect due to an authentication error, and my browser still rejects the certificate:
Could someone please give me an idea what I'm doing wrong? Thanks in advance!
The correct answer was propounded by @RickK - I had issued the certificate in my own name, instead of the domain of the server. The prompts in Apache make this rather confusing; it really looks like you're supposed to put your own name in the "Common Name" field, and the tutorial I followed seems to advise the same thing.
Anyway, I reissued the certificate, changing the CN field to "apps," and everything is working now. Thanks to @RickK and @pulkitsinghal for your helpful input. (And sorry for the delay in my response - this project got pushed to the back burner for a while.)
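
The Common Name mismatch described in this answer, as an added example that is not part of the original post: the hostname check a TLS client applies, written in Python and run over constructed certificate dictionaries in the layout `ssl.SSLSocket.getpeercert()` returns. It goes beyond the post by also handling subjectAltName entries and single-label wildcards; the names `John Smith` and `*.mydomain.com` are constructed sample values, and `apps` is the server name from the post.

```python
# Added illustration, not code from the original post.
# Certificates are dicts in the layout ssl.SSLSocket.getpeercert() returns.

def dns_name_matches(pattern, hostname):
    """Compare one certificate name with the hostname the client asked for."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # '*' is honoured only as the whole leftmost label, and only when
        # at least two literal labels follow it (rejects '*.com').
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def cert_names(cert, allow_cn_fallback=True):
    """DNS names the certificate vouches for: SAN entries first, CN as legacy fallback."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans or not allow_cn_fallback:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def cert_valid_for(cert, hostname, allow_cn_fallback=True):
    """True when any name in the certificate matches the requested hostname."""
    return any(dns_name_matches(n, hostname)
               for n in cert_names(cert, allow_cn_fallback))

# Constructed sample certificates (only the fields the check reads).
CERT_PERSON_CN = {"subject": ((("commonName", "John Smith"),),)}   # the mistake
CERT_HOST_CN = {"subject": ((("commonName", "apps"),),)}           # the reissue
CERT_WILDCARD = {"subject": ((("commonName", "*.mydomain.com"),),),
                 "subjectAltName": (("DNS", "*.mydomain.com"),
                                    ("DNS", "mydomain.com"))}

def demo():
    """Run the check for each constructed certificate and return the verdicts."""
    return {
        "person CN vs apps": cert_valid_for(CERT_PERSON_CN, "apps"),
        "host CN vs apps": cert_valid_for(CERT_HOST_CN, "apps"),
        "host CN vs apps, SAN-only client":
            cert_valid_for(CERT_HOST_CN, "apps", allow_cn_fallback=False),
        "wildcard vs mail.mydomain.com":
            cert_valid_for(CERT_WILDCARD, "mail.mydomain.com"),
        "wildcard vs a.mail.mydomain.com":
            cert_valid_for(CERT_WILDCARD, "a.mail.mydomain.com"),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

The `allow_cn_fallback=False` case models current browsers, which ignore the Common Name and require a subjectAltName entry, so a CN-only certificate like the reissued one is rejected by them even with the right name.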

Glassfish: self signed certificate with two way authentication

I have an application on a Glassfish server instance. I need to do a two way authentication with certificates. I have a closed group of users, so installing the self signed certificate is not a problem.
The question is, how do you go about doing this entire process? I am using the java based Keystore Explorer instead of the command line tool keytool.
Before shooting me down, could you please give me a chance to explain my situation better, I know right now the question is a bit hazy, but as the comments come in, I will be able to clarify a bit better!
If you refer to mutual authentication, please read the following Oracle resource first.
http://docs.oracle.com/javaee/6/tutorial/doc/glien.html#bnbyi
If you still have problems, please provide more details and where you are stuck.

CryptAcquireCertificatePrivateKey failed when using SelfSSL on IIS6 with multiple Websites

I have two "Web Sites" running under IIS6 (Windows Server 2003R2 Standard), each bound to a separate IP address (one is the base address of the server).
I used SelfSSL to generate and install an SSL certificate for development purposes on one of these sites and it works great. I then run SelfSSL to generate a certificate for the second site and the second site works, but now the first site is broken over SSL.
I run SSL Diagnostics and it tells me:
WARNING: You have a private key that corresponds to this certificate but CryptAcquireCertificatePrivateKey failed
If I re-run SelfSSL on the first site (to fix it), the first site works but then the second site is broken.
It seems like SelfSSL is doing something in a way that is designed to work with only one Website, but I can't seem to put my finger on exactly what it's doing and figure out how to suppress it. I would manually configure SSL but I don't have a certificate server handy, but maybe there is a way to get SelfSSL to just gen the cert and let me install it?
FWIW I have also followed the guidance of several posts that indicate changes to the permissions of the RSA directory are in order, etc. but to no avail. I don't work with SSL everyday so I may be overlooking something that someone with more experience might notice, or perhaps there is a diagnostic process that I could follow to get to the bottom of the issue?
We had a similar problem today. Our IT guy said he solved it by basically using ssldiag instead of selfssl to generate the certs.
See the reply from jayb123 at this URL: http://social.msdn.microsoft.com/forums/en-US/netfxnetcom/thread/15d22105-f432-4d8f-a57a-40941e0879e7
I have to admit I don't fully understand what happened, but I'm on the programming side rather than the network admin side.