Issue with Cert

Hi, I am using Kerio Connect. There is a point where I make a Let's Encrypt cert, and it updates the cert automatically. But since yesterday it stopped working. If I want to make a new cert I get the msg: https://acme-v02.api.letsencrypt.org/directory;rel="index" to read a header, couldn't resolve host name.
The hostname mail.met-architects.com is working and port 80 is open.
Does anybody know the problem?

best regards
tom

My domain is: mail.met-architects.com

I ran this command:

It produced this output:

My web server is (include version): Kerio Connect (mailserver 10.0.5)

The operating system my web server runs on is (include version): Windows Server 2019

My hosting provider, if applicable, is: Webland

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Kerio Connect Admin console

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

This suggests DNS might be failing on your system.

I don't see any DNS issue with the ACME API endpoint: acme-v02.api.letsencrypt.org | DNSViz (those 2 warnings are not important). Thus it seems to be an issue with your host.

2 Likes

Have the same issue with Kerio Connect.
Kerio has a temp fix of upgrading to a beta version. Have not tried it yet as I can wait.
They say it is production quality.
See https://support.kerioconnect.gfi.com/hc/en-us/articles/19547534733202-Troubleshooting-Let-s-Encrypt-Failure-contacting-https-acme-v02-api-letsencrypt-org-directory-rel-index-to-read-header

1 Like

I have reasons to believe Kerio is lying. The text of the error presented in their article says:

Operation failed, internal error: Failed to issue Let's Encrypt certificate: Failure contacting https://acme-v02.api.letsencrypt.org/directory;rel=index to read header

But the error from the screenshot clearly says:

Operation failed, internal error: Failed to issue Let's Encrypt certificate: Failure contacting https://acme-v02.api.letsencrypt.org/directory;rel=index to read header.: Could not resolve hostname.

(Emphasis mine.)

As far as I know, nothing has changed in the way the Let's Encrypt ACME API DNS works. Its DNS service has been Cloudflare for a very long time and has not seen a recent change.

Or maybe the screenshot is incorrect? I'm very curious what, in their eyes, was changed by Let's Encrypt and what the change to Kerio Connect exactly is.

The only thing that has changed recently were the intermediates used to sign the end leaf certificates, but that doesn't have any impact on the DNS? Weird..

2 Likes
