Hi, I landed up here after finding out that a certificate renewed by the "Certify the Web" client yesterday is causing auth issues. Looks like the client needs to be updated. I tried manually installing the R3 intermediate certs on the client to see if that would help recognize the cert but it didn't. Is there anything else I could do until the client is fixed?
Thanks
2 Likes
@webprofusion I'm pretty sure certify doesn't hard-code the intermediate? The Certes ACME client actually has a preferredChain option, which is also used by Certify. Any idea what's going on here?
Also, the certes.app website has an expired certificate 
4 Likes
What version are you using?
3 Likes
Correct, we don't embed the intermediates, just waiting to hear from the OP on our community forum to see what the actual auth issues are, i.e. what is the actual error: https://community.certifytheweb.com/t/renewed-certificate-fails-r3/1150/2
Regarding certes, the library distro itself is a little neglected by the owner but I appear to have commit permissions so we're managing to keep the library itself pretty up to date. The website and nuget packages etc are outdated however.
5 Likes
I can confirm that Certify The Web does request and use R3 intermediate certificates with no intervention required. In this case, without further clarification from @trinetra I suspect the issue is a cached cert chain on the client.
5 Likes
I'm using the latest 5.2.1
2 Likes
Thank you very much for the clarification about the intermediate certs. However, I'm still facing a problem with my renewed certs but will continue the discussion on the Certify the Web forum as it doesn't seem to be connected with the R3 change.
4 Likes
This issue was resolved by exporting the full certificate chain for use by hmailserver, so that Thunderbird would validate the cert properly:
4 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.