Get "Could not load the resource directory: SSL connection failed for acme-v02.api.letsencrypt.org: SSL c onnect attempt failed error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed" when renewing on FileMaker Server 19, W2016

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: apps6.red-it.co.uk

I ran this command:

I am trying to renew SSL cert on Filemaker Server 19.0.1.103 using Bluefeather GetSSL.ps1 found at:

The command it runs is:

$le64Path "$params --live" "--key $accountPath", "--email $email", "--csr $csrPath", "--csr-key $keyPath", "--crt $certPath"," --domains $domains", "--generate-missing", "--unlink", "--path $acmeDir"

It produced this output:

Windows PowerShell transcript start
Start time: 20211008211320
Username: W2016FM19SRV1\Administrator
RunAs User: W2016FM19SRV1\Administrator
Machine: W2016FM19SRV1 (Microsoft Windows NT 10.0.14393.0)
Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Process ID: 7188
PSVersion: 5.1.14393.4583
PSEdition: Desktop
PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.14393.4583
BuildVersion: 10.0.14393.4583
CLRVersion: 4.0.30319.42000
WSManStackVersion: 3.0
PSRemotingProtocolVersion: 2.3
SerializationVersion: 1.1.0.1

Transcript started, output file is C:\Program Files\Filemaker\SSL renewal\SSL-Renewal.log
2021/10/08 21:13:24 [ ZeroSSL Crypt::LE client v0.35 started. ]
2021/10/08 21:13:24 Loading an account key from C:\Program Files\Filemaker\SSL renewal\account.key
2021/10/08 21:13:24 Loading a CSR from C:\Program Files\Filemaker\SSL renewal\domain.csr
2021/10/08 21:13:25 Could not load the resource directory: SSL connection failed for acme-v02.api.letsencrypt.org: SSL c
onnect attempt failed error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

Windows PowerShell transcript end
End time: 20211008211325

My web server is (include version): IIS on Windows Server 2016

The operating system my web server runs on is (include version): Windows Server 2016 Standard

My hosting provider, if applicable, is: Virtual Server

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): N\A, using le64.exe

It looks like le64.exe had an old trust store bundled with it somehow that didn't handle the ISRG Root X1 root that Let's Encrypt uses (as Let's Encrypt secures its own API endpoint with a certificate from itself); you probably need to upgrade it to v0.38.

New v0.38 maintenance release is available. This addresses the expiration of some root certificates (starting October 2021), so if you get an SSL error when using older Windows binaries, please make sure to upgrade.

The question was what the version of your client was. I.e.: whatever client you're using Certbot was just an example.

Hi Peter,

FANATSTIC! Just upgraded le64.exe and .\GetSSL.ps1 worked perfectly. I now have SSL on my website.

REALLY appreciate your quick response.

Thanks and regards
Ara

HAHA! Sorry late and tired, will read stuff more carefully next time

Sure, but the version was actually already in the log (though I don't know if I noticed until after I posted).

Great to hear. I love it when problems are easily solved.

'Easy' if you have the knowledge, RELIEF if you are suffering from the problem:) Have a great week end.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.