Can't renew Certificate - zerossl, sslforfree, gethttpsforfree and other browser based clients may not work

My domain is: fundamentalrecovery.com

I entered the CSR and Domain Account key on zerossl and when clicking the next button receive the following error: “failed to retrieve resource directory”

This is happening with all domains I try to renew what could be causing this issue?

If you go to this domain you can see the SSL is still active so not sure what is going wrong.

1 Like

Hi @mhughe29

if you use Zerossl and if that tool doesn’t work: Ask Zerossl.

That’s not a Letsencrypt problem. Or use another of these online tools.

Thanks for the reply was not aware since it uses the letsencrypt ssl I thought it may be same company.

Will keep trying to figure it out.

1 Like

HI! Mhughe29
I am having exactly the same problem with zerossl since yesterday, same message “failed to retrieve…” Same all, I tried with a domain with ssl expired and also tried with one that wasn´t expired yet yesterday but it is today. I tried everything, also wrote to ZeroSSL but no reply at all. Couldn´t renew…
Did you found out a solution or another website like Zerossl to use instead?
Thanks in advance!!!

1 Like

Hi Juergen. Which other online tools do you suggest like Zerossl? It is down since yesterday

1 Like

HI! Mhughe29
I am having exactly the same problem with zerossl since yesterday, same message “failed to retrieve…” Same all, I tried with a domain with ssl expired and also tried with one that wasn´t expired yet yesterday but it is today. I tried everything, also wrote to ZeroSSL but no reply at all. Couldn´t renew…
Did you found out a solution or another website like Zerossl to use instead?
Thanks in advance!!!

1 Like

I’ve never used such tools. These tools are not a really good option.

Use a client on your PC with a manual option.

Or (not tested) use the Windows Linux subsystem and try to run Certbot. Or test the Windows-certbot.

1 Like

Thanks! I will make my research about how to do / use those alternative because I am newbie in this and don´t understand much :frowning: that was why I used to access zerossl

I think there may be a problem with the ACME protocol or something like that. Zerossl and sslforfree I think both use this protocol to generate these certificates and neither site is working now.

1 Like

Guess I need to figure out how to use a client on my PC but seems so confusing to me. Maybe I can find one to download somewhere.

oh that was other one I was told about. We should then wait for them to solve the problem. I have no clue what ACME is, not an expert at all in this topic

that was the other alternative but also don´t know where to begin with that. I always repeated the zerossl and installed in Godaddy C Panel. Follow the steps and voilá! First time with problems in renewing

Thanks for your reply. Oh I see, I though this zerossl tool was a good option :wink:

ACME.v1 is deprecated.

So if such a tool doesn’t update the own ACME-client code, that tool will not longer work.

Ah, thanks, good to know.

PS: But sslforfree supports wildcard certificates. So it must use ACME.v2, that’s required to create a wildcard certificate.

So there is another problem they have to fix.

2 Likes

Looking at this thread and seeing that another web client is failing in the same manner, I believe something might have changed regarding the response or its structure for example. I believe you might want to ask support of apilayer.com in this case (see the announcement I have posted last year).

NB: Please note that ZeroSSL web-cliend uses ACMEv2, not the deprected one (and supports wildcards just fine, practically since they became available).

3 Likes

Thanks for this information. I tried to reach them through contact form in zerossl website but no reply yet. Will contact through apilayer.

1 Like

Hi all I use this website https://gethttpsforfree.com/ and also is failing.

Actually, this is not about a problem with ZeroSSL or any other web-client specifically. It is that the requests are now denied because of CORS by the look of it:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://acme-v02.api.letsencrypt.org/directory. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing)

@cpu, have there been any changes on the API endpoints side resulting in this block?

5 Likes

Both Zerossl and sslforfree are failing for me as well.

Zerossl gives resource directory error when you click Next
sslforfree gives nonce error and then just spins when renewing or creating a new cert

1 Like

Hi @leader

is this a browser update?

So Chrome / FireFox are checking that now?

1 Like