Can't update or renew certificate

I have Icewarp EMail Server and there is a Lets Encrypt cert created long ago. Many times I have renewed or created a new certs without problems in Icewarp administration console. But today I can't. Error is: Error when registering acme account. ACME Exception: Error registering: 405 HTTP/1.1 405 Not Allowed
Sorry for my English.

My domain is: mail.zeinet.kz
My web server is: Icewarp Email Server 12.2.0.2
The operating system my web server runs on is: Windows Server 2012 R2

If this is the function built into Icewarp (https://support.icewarp.com/hc/en-us/articles/115002292488-Let-s-Encrypt-certificate) you will need to contact Icewarp support for more help. It seems like your version of the software might be too old and is attempt to use an HTTP GET method when a POST method is now expected.

About three months ago everything works fine. Icewarp server version 2019.09. I don't change anything. It's definitely Lets Encrypt problem

That's HIGHLY unlikely. There currently is no incident at https://letsencrypt.status.io/ and I don't see an sudden influx of new threads with the same kind of issue. Further more, it isn't even clear what your issue actually is? The error "ACME Exception: Error registering: 405 HTTP/1.1 405 Not Allowed" is not a literal error presented by the Let's Encrypt ACME server, so I have no idea what the actual error is. Could you perhaps show us more of the error? Perhaps from a log file in Icewarp?

1 Like

If it was working as of a few months ago and isn't now, then it's probably due the removal of the old ACMEv1 endpoint.

It had been only allowing renewals for existing names for a long time to let people upgrade, but has finally gone away for good.

If that's the case, the only solution is to upgrade your client to a system that's uses the updated endpoint. If it's integrated with your software, you probably just need to upgrade your software to a version from within the past few years.

2 Likes

Based on a quick search, it looks like support for ACMEv2 was added in IceWarp 12.2.1

https://dl.icewarp.com/patchinfo/12.2.1.txt

You say you're on 12.2.0, so that's almost certainly what the problem is.

4 Likes

Thanks! Now I understand that my error is because Let's Encrypt removed ACMEv1 endpoint in June 1. I have to update the server.

2 Likes

I think also the POST-as-GET change was enforced recently, I could be wrong. That meant that any old acme client that tried to use and http get to fetch one of the resources would fail until it changed to using an HTTP post. So you could be more or less acme v2 compatible but still fail.

1 Like

Well, you're wrong on this one, at least in terms of production. :slight_smile: Staging still enforces it, though.

I don't think that decision got a lot of attention, though, so I can't really blame you for missing it.

1 Like

Cool, I had a feeling something changed earlier in the year but maybe my mind was making it up!

1 Like

2 posts were split to a new topic: "time out " when trying to renew certificate

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.