Cert needs renewal. Windows 10/O365

@jsha Hi, unfortunately no. I would delete the thread but it seems sort of permanent.

hi @boston

A) What is the certificate being used for
B) How was the certificate obtained originally

Andrei

a)The certificate is connected to Outlook, as the warning
pops up when opening the Outlook client.

b) I don’t know how it was originally obtained; I recently
took over the help desk in question and there is little documentation.

hi @boston

This is not really working for me. A couple of liners is not enough to provide you with the details you need.

Have a look at this: https://support.office.com/en-us/article/Get-a-digital-ID-0eaa0ab9-b8a2-4a7e-828b-9bded6370b7b?ui=en-US&rs=en-US&ad=US

It might be what you are doing but until you can articulate what it is you are trying to do I cant really help

It will probably take some research on your part but certificates are used for a range of purposes and I am not sure how and why yours is being used the way it is

The first step is to articulate what the purpose of the certificate is (check outlook settings etc)
The second step would be investigate internally (check previous cases) as how the certificate was obtained

If you cant achieve the two above then start from scratch and figure out what the user is trying to do (what is it they need)

Andrei

“She’s being alerted at each Outlook login that her LetsEncrypt cert is expired (it expired in May).”

I’ve seen the cert- it expires in May, and my experience with certs has been that usually replacement ones get emailed. LetsEncrypt has not emailed one, so I approached support. LetsEncrypt support won’t provide any support via email, their initial response said as much, and they said to go to the forums.

As far as what I’m trying to do, I’m trying to renew the expired certificate.

So to recap:

  1. User opens Outlook client, gets expired cert warning. Cert is issued by LetsEncrypt.
  2. The cert is stored in “other people” so there is no “renew certificate with the same key” option available.
  3. LetsEncrypt support played hot potato and sent me here.

Support’s email:


We don’t offer support via email. You can check out this
page for how to get/renew certificates from us:
https://letsencrypt.org/getting-started/
and ask questions on our community forums:


All the best,


I am going to get off at this point

That was the second question that i asked you - how was the certificate obtained in the first place.

I understand that you have an issue however I am not able to work with you to solve it

A) If the user doesn't need the certificate uninstall it but it may cause a disruption to a service (encryption)
B) If the user does need the certificate then you need to come up with a documented approach for it

As you once again have chosen to ignore the adviseI have provided and chose not to answer the questions I have asked. I will leave you to figure it out :smiley:

Andrei

Let’s Encrypt issues certificates in the Web PKI. If those words don’t mean anything to you, that’s basically SSL certificates for web sites.

So no, it wouldn’t normally involve emailing certificates anywhere, nor would it be relevant for running Outlook.

The expired certificate will have a Subject listed, if you’re unsure, let us know the Subject on that expired Certificate.

1 Like

Hi @boston is it possible the user seeing this error could also share a screenshot of it? It's possible this could help us better understand where some of the confusion in this thread is coming from.

Agreed, it will probably clarify things. Here’s the popup: http://imgur.com/a/s0U7Z

I’ll go see if I can get a picture of the View Certificate panel from the machine as well to show it’s from Let’s Encrypt X3.

Great! A screenshot of that View Certificate panel would be very helpful.

Are you able to share the blacked out portion of the screenshot? It would make it much easier to debug if we could see the domain name to figure out when the certificate was issued and how the server in question is presenting it to users.

Agreed that certs aren’t needed to run Outlook, but there is an apparently non-renewable certificate creating a popup about cert expiry when the user opens Outlook. The subject is the domain attached to the email account (user@foobar.com, so subject is foobar.com).

1 Like

Here’s that View Certificate panel: http://imgur.com/a/DCoB3

The URL in the obscured portion of both images is the site domain. If this were a support chat I’d show it but I’m hesitant to on an publicly-viewable forum.

1 Like

Could you take another screenshot from the "Details" tab of that window?

It looks like the certificate has been expired for quite some time. Has something changed on the client side? I would expect this error to have been popping up since May 11 2017.

You can direct message me the domain name by clicking my username and choosing "Message".

I think this is the wrong question. I think the right question is "Why does this user have a certificate at all?" It sounds like the user actually doesn't have a Let's Encrypt certificate, but their Outlook application is try to load a site (or a subresource) that has a Let's Encrypt certificate. We know that's not the Office365 site because they don't use Let's Encrypt and wouldn't allow their certificate to expire.

Is it possible that there's an email in her inbox that loads inline images from a site that has an expired Let's Encrypt certificate? If you disable HTML email (I'm not sure how one does that in Exchange), does the problem persist?

2 Likes

@boston, I’m curious if you ever resolved this issue, since it may help with future support requests. Did disabling HTML email help?

I don't understand. If the problem isn't resolved, why do you want to delete the thread? Also, editing the first post makes this thread very confusing.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.