Windows 7 chrome let’s encrypt problems

system-admin

Verified User
Joined
Aug 1, 2019
Messages
59
It works... it works... Thanks so much :)
Party time!

adult-party-header-new-1280x416.jpg
 

fln

Administrator
Staff member
Joined
Aug 30, 2021
Messages
45
@sufiyanshaikh yes, if /root/.zerossl file is present all subsequent certificate operations will use ZeroSSL instead of LetsEncrypt (renewal, new certs, revocation, etc.). If the file is removed it will start using LetsEncrypt again.

@system-admin glad to hear that. Before your last message I have already started a reply stating that it MUST work with ZeroSSL 😄 and the issue is probably that LetsEncrypt certs are still present.

OK we will start working on making LetsEncrypt vs ZeroSSL choice a proper DA feature. Right now it is not user-friendly enough. Hopefully our changes will get accepted into upstream lego repo and we will not have to maintain separate fork.
 

copernic

Verified User
Joined
Jul 2, 2019
Messages
38
zeroSSL worked for me on a VPS with Apache+Nginx as a webserver but not on a second machine with OLS.
I use CPGuard on both machines but on the second machine, the WAF module does not work anymore with the following error:
021-10-03 05:17:51.718165 [ERROR] [126589] [Module:mod_security]setSecRule(type 2) /usr/local/lsws/conf/httpd-modsecurity.conf failed, ret -1, reason: 'Rules error. File: https://rules.malware.expert/download.php?rules=generic&extra=cpgrbl,cpgrecaptcha,webshell,scanner. Line: 1. Column: 0.
SecRule FILES_TMPNAMES "@inspectFile /etc/cpguard/scripts/cpgModsecScan.php" "phase:2,t:none,block,msg:'cPGuard Upload Scanner bad uploaded file',id:'5583453'"
Include /etc/cpguard/cpguard_modsec101.conf
- Failed to download: SSL peer certificate or SSH remote key was not OK'.

It seems that the OLS package doesn't detect the last CA bundle update yet, how to fix it?
 

system-admin

Verified User
Joined
Aug 1, 2019
Messages
59
@sufiyanshaikh yes, if /root/.zerossl file is present all subsequent certificate operations will use ZeroSSL instead of LetsEncrypt (renewal, new certs, revocation, etc.). If the file is removed it will start using LetsEncrypt again.

@system-admin glad to hear that. Before your last message I have already started a reply stating that it MUST work with ZeroSSL 😄 and the issue is probably that LetsEncrypt certs are still present.

OK we will start working on making LetsEncrypt vs ZeroSSL choice a proper DA feature. Right now it is not user-friendly enough. Hopefully our changes will get accepted into upstream lego repo and we will not have to maintain separate fork.

Thanks so much @fln . I really appreciate your help :)
Yes, it would be great idea if it is implemented in GUI and use has choice to select the provider!
 

fln

Administrator
Staff member
Joined
Aug 30, 2021
Messages
45
@copernic I think this is not related to ZeroSSL certs. From the web server perspective LetsEncrypt and ZeroSSL are identical. Both has main cert plus chain certs. And we have not changed how web server configs are generated, only the tool that receives certs from CA. It would be great to keep this thread only related to issues and solutions related to the LetsEncrypt root cert expiration.

If you think it was really caused by the switch from LE to ZeroSSL please try removing the /root/.zerossl file and see if the system is working fine again.

If this is not related to LE/ZeroSSL please start a new thread.
 

Canary

Verified User
Joined
Jun 26, 2015
Messages
25
Is it possible to have both on same server with DA?

So Users can choose?
I agree. Now that DirectAdmin supports both issuers, it would be nice to have a per-domain setting so a user can choose between the two for each main domain.
 

Aar

Verified User
Joined
Feb 10, 2005
Messages
155
Location
Netherlands
I have read this topic and i have also problems with my Let's Encrypt certificates on Centos 7 and OpenSSL 1.0.2.
It is not only affected by old operating systems like Windows 7 (booh 😆) or old browsers, but also with PHP's file_get_contents()

Now i will solve this problem...
I've read in this topic that i can use the command: yum install ca-certificates
Is this the only thing? Or is there something more that needs to be done on the OpenSSL or Let's Encrypt side of my server?
 
Last edited:

cjd

Verified User
Joined
Feb 1, 2021
Messages
94
Location
Canada
@Aar Here is some additional info about the issue with OpenSSL and Centos 7, it would be good to start planning for an OS upgrade to a recent supported OS, as you will probably run into more issues as time goes on.


 

Aar

Verified User
Joined
Feb 10, 2005
Messages
155
Location
Netherlands
Oké, @cjd thanks. I will try it.

And is there something more that needs to be done on the OpenSSL or Let's Encrypt side of my server? And is the change directly active over the existing LE certificates on my server?

And yes, i'm going soon upgrade my server with a new OS. Maybe CentOS 8 of a fork.
 
Top