Error requesting new certificate: Not Registered

I am trying to bring online a new BeyondTrust Virtual Appliance to replace the old appliance. I deleted the LE cert on the old appliance and shut it down. Then I configured the new appliance with the same IP as the old appliance, but when I request the LE cert I keep getting this error: Error requesting new certificate: Not Registered
I worked with BeyondTrust support and they told me to reach out to LE directly.

For now, I ended up reverting back to the old appliance. On the old appliance, I was able to re-request an LE cert with issue. Since I deleted it, I had to request it again.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: skidata.com

I ran this command: On a new BeyondTrust Virtual Appliance, I click the request button after filling out the hostname field of supportusa.skidata.com

It produced this output: Error requesting new certificate: Not Registered

My web server is (include version): Beyond Trust Virtual Appliance Base 6.1.1

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: My office Datacenter

I can login to a root shell on my machine (yes or no, or I don't know): I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.20.0

1 Like

Welcome to the Let's Encrypt Community, Kevin 🙂

I am suspecting that you don't have ACME account credentials on the new appliance. The simplest solution is to register a new ACME account with Let's Encrypt on the new appliance. The software through which you are getting your certificates (aka your ACME client) should be able to accomplish this.

2 Likes

Does the appliance use certbot?

Does the appliance use Apache?

curl -Ii supportusa.skidata.com/.well-known/acme-challenge/Test-File-1234
HTTP/1.1 404 Not Found
Date: Thu, 21 Oct 2021 16:27:02 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000
Content-Type: text/html; charset=iso-8859-1

2 Likes

I am not sure what Bomgar runs. It is kind of a black box.

1 Like

This response is confirmed to be from a "Bomgar/Beyond Trust" appliance:

curl -Ii https://supportusa.skidata.com
HTTP/2 200
date: Thu, 21 Oct 2021 16:26:44 GMT
server: Apache
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: no-cache, no-store
set-cookie: ns_s=4fd67cf919fa3a6d9261961c30888faf; path=/; secure; HttpOnly; SameSite=lax
strict-transport-security: max-age=31536000
vary: X-Requested-With
x-ua-compatible: IE=edge
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
permissions-policy: accelerometer=(), autoplay=(), camera=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), sync-xhr=(), usb=()
referrer-policy: strict-origin-when-cross-origin
x-permitted-cross-domain-policies: none
content-type: text/html; charset=utf-8

2 Likes

Check with the vendor about the recent LetsEncrypt cert expiry.
They may have a patch for it or a workaround.
Either way post their response here (if you don't mind).

2 Likes

Looking at the manual (https://www.beyondtrust.com/docs/remote-support/documents/infrastructure/rs-ssl-certificates.pdf) it looks to me like there is no explicit account creation step, which may mean it keeps that all internal.

You should contact Beyond Trust and ask them how to reset the ACME configuration - I suspect it thinks it has already created an account but actually it hasn't (or that step failed silently).

4 Likes

I have an open ticket with BeyondTrust as well. I am waiting to hear back from them. I did ask if they could check the internal ACME configuration.

4 Likes

We have the same problem with 2 new BeyondTrust Virtual Appliances. It looks like an issue with the initial registration only. On another Appliance we can easily renew an already registered certificate.
So we also have two tickets open at the BeyondTrust support.

Does anyone already have an update/solution for this problem?

2 Likes

Hey all, I am at BeyondTrust on our engineering team responsible for the Let's Encrypt / acme integration. Just got pulled into the issue today and we are looking into it. So far looks like it might be a simple bug on our side regarding filesystem permissions on brand-new deployments. Will let you all know once we have more details about a fix.

8 Likes

OK thanks for your patience while we (BeyondTrust) investigated this. As we suspected, there is a bug in our system with filesystem permissions that breaks our Let's Encrypt / ACME integration immediately after deployment. We have created a patch that will fix affected systems. Please reach out to BeyondTrust SRA tech support and they can get it to you. Our internal ticket number for this issue is HELP-4947, in case they ask for that.

4 Likes
