Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
The certificate is issued by TSPlus
This is as simple as we just click the renew button
But this time I receive this message and the renewal does not occur
I do not have sufficient experience in these matters
How can I register a certificate and include it through TSPlus?
I am not familiar with that ACME Client. I don't understand why it would give an error. The error saying it failed overlaps a window that shows a fresh cert being issued. Confusing.
And, your own display from crt.sh shows you get a cert nearly every day. Which is poor practice by the way and means something is wrongly configured in your certificate manager. You should only be renewing your certs every 60 days or so.
Your HTTPS service on port 443 (website?) is using a self-signed cert for "localhost". Since you are getting certs daily maybe just configure your webserver to use them. I don't know how you do that on your system.
I see a component named "Certes" mentioned in your logs. There were some required updates to that recently but I could not find the threads in this forum about that.
I think you need to ask about this on a CertificateManager support forum. That's all I can offer.
I have a virtual server
I purchased a domain and directed to the server's IP
The server has a TSPlus system
When the certificate renewal process fails in the normal way
I downloaded the certificate from the Dot Net website that contains the domain that I purchased
And download it instead of renewing the certificate
You clearly are able to get a cert for that domain name as shown by crt.sh.
You will not be able to use a different server (IP address) to get a cert with that same name using the HTTP Challenge (which you are). When you request a cert for a domain name the Let's Encrypt Server validates the cert request. It issues an HTTP request to the IP address in the public DNS for that domain name. The LE Server needs to be given the proper challenge token for the request to succeed.
So, let's say you request a cert from ServerIP2 (TSPlus?). If the A record in your DNS points to Server1IP (your dot net system?) that system won't know how to reply properly to the LE Server. That has always been true.
I am not really sure what you are asking but TSPlus also has a support channel. That is the best place to seek advice on how to configure it. We often help people with common problems but there are hundreds of ways to get certs and we cannot be expert in all of them.
But I discovered that the files I attached above are not the files that TSPlus created after importing the certificate
When importing the certificate, no files are created inside the cert folder, as happens when creating the certificate via TSPlus.
I do not know if the file I imported will work after a while or not, and I cannot review the certificate
All I did was add it and a message appeared that the operation was completed successfully
So far, the certificate problem has not been resolved on the site
Do I have to wait and how long does it take to see results?
Or should it work directly?
this kinda feels like it fails at downloading certificate after signing from march: i guess it try to verfity new certificate but againest DST root and reject it?
well I don't think you can fix source code for it but grab another client like https://certifytheweb.com/ and install certficiate from there manually (or with hook script) for now?
What you mean is
Download the file from the link and run it on the device
And then try to import the certificate
Or create the certificate using TSPlus
correct
