Find certificates setup in Azure Kubernetes

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:test.mdm.uso.org / dev.mdm.uso.org

I ran this command: I received emails that they were expiring.

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version): Linux

My hosting provider, if applicable, is:Azure

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

2

Hello @pbumbray, welcome to the Let's Encrypt community. :slightly_smiling_face:

crt.sh | mdm.uso.org shows issued certificate for test.mdm.uso.org on 2023-11-06.
However dev.mdm.uso.org last issued certificate was 2023-08-19, so yes that certificate needs to be renewed.

3 Likes
3

Also dev.mdm.uso.org access to Ports 80 & 443 are filtered.

$ nmap -Pn -p80,443 dev.mdm.uso.org
Starting Nmap 7.80 ( https://nmap.org ) at 2023-11-06 22:24 UTC
Nmap scan report for dev.mdm.uso.org (20.81.4.131)
Host is up.

PORT    STATE    SERVICE
80/tcp  filtered http
443/tcp filtered https

Nmap done: 1 IP address (1 host up) scanned in 3.34 seconds

Whereas test.mdm.uso.org is accessible for Ports 80 & 443.

$ nmap -Pn -p80,443 test.mdm.uso.org
Starting Nmap 7.80 ( https://nmap.org ) at 2023-11-06 22:24 UTC
Nmap scan report for test.mdm.uso.org (20.75.140.33)
Host is up (0.092s latency).

PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 0.31 seconds
3 Likes
4

Using the online tool Let's Debug yields theses results https://letsdebug.net/dev.mdm.uso.org/1664769

ANotWorking
Error
dev.mdm.uso.org has an A (IPv4) record (20.81.4.131) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
A timeout was experienced while communicating with dev.mdm.uso.org/20.81.4.131: Get "http://dev.mdm.uso.org/.well-known/acme-challenge/letsdebug-test": context deadline exceeded

Trace:
@0ms: Making a request to http://dev.mdm.uso.org/.well-known/acme-challenge/letsdebug-test (using initial IP 20.81.4.131)
@0ms: Dialing 20.81.4.131
@10000ms: Experienced error: context deadline exceeded 

IssueFromLetsEncrypt
Error
A test authorization for dev.mdm.uso.org to the Let's Encrypt staging service has revealed issues that may prevent any certificate for this domain being issued.
20.81.4.131: Fetching http://dev.mdm.uso.org/.well-known/acme-challenge/W17fA6CxOASPU--Y6ZwrRrcdCppydKingg7LOl7IWUA: Timeout during connect (likely firewall problem)

Note the Timeout during connect (likely firewall problem)

2 Likes
5

Patrick Bumbray (PBumbray@uso.org) has sent you a protected message.

Learn about messages protected by Microsoft Purview Message Encryption.

Privacy Statement

Learn More on email encryption.
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052

(Attachment message_v4.rpmsg is missing)

6

Patrick Bumbray (PBumbray@uso.org) has sent you a protected message.

Learn about messages protected by Microsoft Purview Message Encryption.

Privacy Statement

Learn More on email encryption.
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052

(Attachment message_v4.rpmsg is missing)

7

@pbumbray I'm pretty sure sending protected messages doesn't work with the forum software.

2 Likes
8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.