My fullchain certificate seems to be breaking over time. [acme.sh] [macOS]

Hi @muzicman82

merged and re-opened.

Easier to read the context.

2 Likes

The most recent issued certificate for simon4d.bel.com is from December 12th 2020. Currently, it's February 8th, 2021. Did this issue just surface now? Or did it already exist for almost 2 months?

2 Likes

Correct, macOS has a lock on port 443 so we're using port 440. That said, right now the web server for 4D won't start... and I don't want to just go fix it like I always do without understanding what the heck is breaking every time.

I might just need to reboot the PC because 4D gets dumb sometimes... but I have to wait until my users go home for the day. I'll report back if I can start it with the broken certificate.

2 Likes

Port 440 is closed too.

2 Likes

I have NOT reissued it and the problem just surfaced I believe sometime between Feb 4 and Feb 5. My giveaway is a Gravity Forms for Wordpress REST API hook that I am pinging my server with... it fails when the certificate is not valid... and I had a webhook complete on Feb 4th but not on the 5th.

2 Likes

Correct, the web server isn't running right now. Give me a few and I'll try to bring it up.

2 Likes

Well, if the server isn't online/working and we don't have an actual error or log presenting the issue, we're just guessing here.

Then it's not a certificate issue per se.

2 Likes

But I'm not guessing, I brought my... wait... it's rolling away... come back!

:crystal_ball:

2 Likes

I'm not sure of the configuration check command for 4D. I'll try to look it up.

2 Likes

When you use "Test Web Server" from the Run menu, are you given any kind of feedback?

2 Likes

OK... so this time, I rebooted the PC and 4D started back up with web server, and the certificate appears to be fine... So I'm not sure where this leaves me...

Why would the web server stop serving the full chain and then work again after a PC reboot, but not a web server reboot?

2 Likes

The saga continues...

The certificate was renewed by the cron job on April 11th... The SSL certificate worked on May 7th, but later failed (as reported by Gravity Forms logs) on May 11th. I just rebooted the server (entire Mac) and then ran the geocerts checker again... and it reported a broken chain. I literally made no changes to the cert files. I did VIEW the files but refreshed the geocerts checker and now it reports as a valid full chain.

Is it possible that 4D server is caching the certificate and it takes time to refresh even after the server starts?

1 Like

There was a recent change to the chain that the Let's Encrypt servers issue.

It used to be:

  1. your leaf certificate signed by R3
  2. R3 signed by DST Root CA X3

It is now:

  1. your leaf certificate signed by R3
  2. R3 signed by ISRG Root X1
  3. ISRG Root X1 signed by DST Root CA X3

Not sure if it's related here.

1 Like
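One way to check locally whether a saved fullchain file presents its certificates in that order (leaf first, each followed by its issuer), as an added shell example that is not from this thread, acme.sh or 4D; it assumes the openssl command-line tool is installed, builds its own throwaway three-level test chain, and works for a chain of any length rather than only the two- and three-certificate chains listed above:

```shell
# Added example, not from the thread: verify that a fullchain.pem lists its certificates
# leaf-first with each certificate's issuer equal to the next certificate's subject.
# Assumes the openssl CLI is installed; the chain it tests is constructed below.

check_chain_order() {
    dir=$(mktemp -d)
    # Split the bundle into 01.pem, 02.pem, ... in the order the certificates appear.
    awk -v d="$dir" '/-----BEGIN CERTIFICATE-----/{n++} n{print > (sprintf("%s/%02d.pem", d, n))}' "$1"
    set -- "$dir"/*.pem; count=$#; i=1
    while [ "$i" -lt "$count" ]; do
        issuer=$(openssl x509 -in "$(printf '%s/%02d.pem' "$dir" "$i")" -noout -issuer)
        subject=$(openssl x509 -in "$(printf '%s/%02d.pem' "$dir" "$((i + 1))")" -noout -subject)
        # Certificate i must be followed by the certificate that issued it, or the chain is broken.
        if [ "${issuer#issuer=}" != "${subject#subject=}" ]; then
            echo "BROKEN: certificate $i was issued by ${issuer#issuer=}, but certificate $((i + 1)) is ${subject#subject=}"
            rm -rf "$dir"; return 1
        fi
        echo "  $i -> $((i + 1)): ${subject#subject=}"
        i=$((i + 1))
    done
    rm -rf "$dir"
    echo "OK: $count certificates, every issuer follows its certificate"
    return 0
}

# Constructed three-level test chain (root -> intermediate -> leaf); throwaway
# self-signed test certificates, not Let's Encrypt's R3 / ISRG Root X1.
make_test_chain() {
    out="$1"
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Test Root" -days 2 \
        -keyout "$out/root.key" -out "$out/root.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Test Intermediate" \
        -keyout "$out/int.key" -out "$out/int.csr" 2>/dev/null
    openssl x509 -req -in "$out/int.csr" -CA "$out/root.pem" -CAkey "$out/root.key" \
        -CAcreateserial -days 2 -out "$out/int.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=leaf.example.test" \
        -keyout "$out/leaf.key" -out "$out/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$out/leaf.csr" -CA "$out/int.pem" -CAkey "$out/int.key" \
        -CAcreateserial -days 2 -out "$out/leaf.pem" 2>/dev/null
    cat "$out/leaf.pem" "$out/int.pem" "$out/root.pem" > "$out/fullchain.pem"  # correct order
    cat "$out/leaf.pem" "$out/root.pem" "$out/int.pem" > "$out/badchain.pem"   # intermediate misplaced
}

demo=$(mktemp -d)
make_test_chain "$demo"
check_chain_order "$demo/fullchain.pem"
check_chain_order "$demo/badchain.pem" || true
rm -rf "$demo"
```

Run it against the fullchain file that acme.sh wrote for the domain to see whether the file on disk is in order; if it is, a chain reported as broken by an online checker is coming from what the server process actually serves, not from the file.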

If it's a "graceful reload" it might take some time for existing processes to terminate.

1 Like