Certificate did not reissue

Hello,
My email is down. I had a certificate for mail.basementdrcincy.com that expired on 2/10/2018 and did not auto reissue. When I check the properties I do not see any errors. When I try to reissue I get an error: "Some domains were not verified, mail.basementdrcincy.com :Invalid". I have two, mail.basementdrcincy.com and mail.basementdrky.com, both in the same certificate.
I use IceWarp email server on Windows 2012 server.


Hopefully we can get this resolved today because all employees will be starting in the morning.
ThankQ
GregW

How did you try to reissue? Which software? Which command? And is that the only error message you're getting? B/c the Let's Encrypt servers will give a lot more information than that when something doesn't work.

It is a feature within our IceWarp email server program that lets us create a certificate from Let’s Encrypt. If it does not auto renew then clicking on reissue should work, right? Or do I need to delete it and create a new one?

From the IceWarp knowledge base: https://esupport.icewarp.com/index.php?/Knowledgebase/Article/View/625/0/lets-encrypt-certificate

Server DNS record has to be resolvable and port 80 should be open.

Did you perhaps close port 80 for the mailserver again? I’m getting a time out when trying to telnet to it…

I don’t think telnet is on by default on a Windows server. Should the certificate reissue or delete and create a new one?? The server diagnostic shows everything is OK. Is there a way to create a certificate from Let’s Encrypt? I can import them if needed.

telnet is an often used application to connect to any port, not specifically to telnet daemons only. In this case, I would expect an error message from the server saying port 80 is closed. But it doesn't. This could mean there's a firewall in place to block everything to port 80 for mail.basementdrcincy.com and that could be the reason you're getting an error message for that domain.

I suggest you debug the reason why IceWarp doesn't renew the certificate automatically. I've given you a hint already, suggesting you check whether port 80 is blocked or open, as port 80 is required to be open according to the link I pasted above.

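The timeout-versus-refused distinction from the reply above, as an added example that is not part of the original thread: a small Python probe, meant to be run from a machine outside the mail server's network, that classifies port 80 as open, refused or filtered. The function name, the result labels and the 5-second timeout are assumptions of this example.

```python
import socket
import sys

# What each result suggests for a validation that needs port 80 (labels are this example's own).
MEANING = {
    "open": "something accepts connections on the port; check what answers there next",
    "refused": "host is reachable but nothing is listening on the port",
    "filtered": "no reply before the timeout; a firewall is probably dropping the traffic",
    "unresolvable": "the DNS record does not resolve, so validation cannot start",
}

def probe_tcp(host, port=80, timeout=5.0):
    """Classify a TCP port as 'open', 'refused', 'filtered' or 'unresolvable'."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "unresolvable"
    result = "filtered"  # default when no address gives any answer
    for family, socktype, proto, _name, addr in infos:
        with socket.socket(family, socktype, proto) as s:
            s.settimeout(timeout)
            try:
                s.connect(addr)
                return "open"  # handshake completed on at least one address
            except ConnectionRefusedError:
                result = "refused"  # an RST came back: reachable, no listener
            except OSError:
                continue  # timeout or unreachable: try the next address
    return result

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: probe.py HOSTNAME")
    state = probe_tcp(sys.argv[1])
    print(f"{sys.argv[1]}:80 is {state}: {MEANING[state]}")
```

A "filtered" result from outside combined with a working connection from inside the network points at the perimeter firewall rather than at the mail server itself.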

I am checking with our IT people that control the firewall. I will keep you posted.
ThankQ for your help!

I did find the World Wide Web Publishing Service was running so I stopped it and disabled it. Still cannot reissue! I was able to get a self-signed certificate to work so I have that as my default right now and webmail seems to be working, it just reports not secure.

It looks like the IceWarp software does not provide you with the error message when a domain fails to validate. You should file a bug report or support request with IceWarp asking them to provide more detailed information on failures. Thanks!

