Le64 - new cert is expired - FM19 server


My domain is: db.hydradesignlabs.com

I ran this command: using le64.exe $params
$params = "--key $accountPath", "--email $email", "--csr $csrPath", "--csr-key $keyPath", "--crt $certPath"," --domains $domains", "--generate-missing", "--unlink", "--path $acmeDir"

It produced this output:

 le64.exe : 2022/11/17 00:11:05 [ Crypt::LE client v0.38 started. ]
At C:\Program Files\FileMaker\SSL Renewal\GetSSL.ps1:141 char:1
+ & $le64Path $params
+ ~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (2022/11/17 00:1...0.38 started. ]:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
 
2022/11/17 00:11:05 Generating a new account key
2022/11/17 00:11:07 Saving generated account key into C:\Program Files\FileMaker\SSL Renewalaccount.key
2022/11/17 00:11:07 Generating a new CSR for domains db.hydradesignlabs.com
2022/11/17 00:11:07 New CSR will be based on a generated key
2022/11/17 00:11:07 Saving a new CSR into C:\Program Files\FileMaker\SSL Renewaldomain.csr
2022/11/17 00:11:07 Saving a new CSR key into C:\Program Files\FileMaker\SSL Renewalkey.pem
2022/11/17 00:11:08 Registering the account key
2022/11/17 00:11:08 The key has been successfully registered. ID: 827592817
2022/11/17 00:11:08 Make sure to check TOS at https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf
2022/11/17 00:11:08 Current contact details: kmccoy@supportgroup.com
2022/11/17 00:11:08 Successfully saved a challenge file 'C:\Program Files\FileMaker\FileMaker 
Server\HTTPServer\conf\.well-known\acme-challenge\/jkhBB-M24dLoPILEqtsz85RGzcmLHrdsGe3ss_ZZtyM' for domain 'db.hydradesignlabs.com'
2022/11/17 00:11:10 Domain verification results for 'db.hydradesignlabs.com': success.
2022/11/17 00:11:10 Challenge file 'C:\Program Files\FileMaker\FileMaker 
Server\HTTPServer\conf\.well-known\acme-challenge\/jkhBB-M24dLoPILEqtsz85RGzcmLHrdsGe3ss_ZZtyM' has been deleted.
2022/11/17 00:11:10 Requesting domain certificate.
2022/11/17 00:11:11 Requesting issuer's certificate.
2022/11/17 00:11:11 Saving the full certificate chain to C:\Program Files\FileMaker\SSL Renewalcertificate.pem.
2022/11/17 00:11:11 The job is done, enjoy your certificate! 

My web server is (include version): FileMaker v19 tomcat

The operating system my web server runs on is (include version): Windows 10

My hosting provider, if applicable, is: Azure

The new cert has an expiration date of yesterday, same as the last cert. I tried deleting all current certs and running the process again, but no change. Not sure what to try next.

Check this file and ensure its date modified is as recent as expected. Then double check your SSL config in FileMaker to ensure it's pointing to the correct file. I notice that your pem file path is different to the one suggested in their documentation: Requesting an SSL certificate


Also, you need to restart your services for the updated cert to take effect.

How, exactly, did you check that?

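One way to answer that question, as an added example (not part of the thread and not le64's or FileMaker's own tooling): a PowerShell script that reads the validity dates of the first certificate in the PEM file and of the certificate the host actually serves, then compares their thumbprints. The script, its function names and its parameters are hypothetical; it assumes the leaf certificate is the first block in the saved chain file and that the server accepts TLS 1.2.

```powershell
# Added example: compare the leaf certificate in a PEM file with the one a host serves.
param(
    [Parameter(Mandatory)][string]$PemPath,    # the file written via le64's --crt option
    [Parameter(Mandatory)][string]$HostName,   # the domain the certificate was issued for
    [int]$Port = 443
)

function Get-PemLeafCertificate([string]$Path) {
    # Assumption: the chain file lists the leaf certificate first, then the issuer.
    $text = Get-Content -LiteralPath $Path -Raw
    $m = [regex]::Match($text, '-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----', 'Singleline')
    if (-not $m.Success) { throw "No certificate block found in $Path" }
    $der = [Convert]::FromBase64String(($m.Groups[1].Value -replace '\s', ''))
    [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$der)
}

function Get-ServedCertificate([string]$Name, [int]$Port) {
    $tcp = New-Object System.Net.Sockets.TcpClient($Name, $Port)
    try {
        # Accept any certificate: this connection only inspects what is served,
        # so an expired certificate must not abort the handshake.
        $cb  = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $cb)
        $ssl.AuthenticateAsClient($Name, $null, [System.Security.Authentication.SslProtocols]::Tls12, $false)
        [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    } finally { $tcp.Close() }
}

$file   = Get-PemLeafCertificate $PemPath
$served = Get-ServedCertificate $HostName $Port
$now    = Get-Date

foreach ($c in @(@{ Src = 'file'; Cert = $file }, @{ Src = 'served'; Cert = $served })) {
    [pscustomobject]@{
        Source     = $c.Src
        Subject    = $c.Cert.Subject
        NotBefore  = $c.Cert.NotBefore
        NotAfter   = $c.Cert.NotAfter
        Expired    = ($c.Cert.NotAfter -lt $now)
        Thumbprint = $c.Cert.Thumbprint
    }
}

if ($file.Thumbprint -ne $served.Thumbprint) {
    Write-Warning 'The host is not serving the certificate in the PEM file; check the import step and the service restart.'
}
```

If the "file" row shows a fresh NotAfter while the "served" row is expired, the issuance worked and the problem is in the import or restart step rather than in le64.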

Thanks Christopher and Rudy.

"Check this file and ensure its date modified is as recent as expected." - I did and it had just been created, I also deleted all files first to make sure it was newly generated.

"Then double check your SSL config in FileMaker to ensure it's pointing to the correct file." - for brevity I only pasted in the results of creating the certificate, the process continues on and moves the files into the correct path for FileMaker Server (...\FileMaker Server\CStore), then reboots the FM service. All of that also seemed to work. Looking in the FileMaker Admin Console it shows the SSL cert has expired as of 11/15/22.

Any other suggestions or questions are welcomed!


Can that be restarted?


Rudy - yes it can, and I have. Odd thing is that when I tried to manually import the new certificate files that were generated yesterday into FileMaker Server using the CLI, I received an error that the certificate had expired. Today I tried importing them using the Admin Console and it worked! Usually it is the reverse that works best.

I'll need to wait until the next renewal round to see if the basic process works automatically - sure gave me fits on this round!

Thanks for your help
