On renewal Sophos: Could not obtain the current version of the Let’s Encrypt Terms of Service

unipac · December 20, 2021, 11:13am

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: aseg-nettoyage.fr

I ran this command:

It produced this output: Could not obtain the current version of the Let’s Encrypt Terms of Service. Automatic renewals will be tried again during the next renewal attempt. Manual renewal can be attempted again at any time

My web server is (include version): Sophos UTM 9

The operating system my web server runs on is (include version):Linux for Sophos UTM 9

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Sophos UTM 9
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

rg305 · December 20, 2021, 1:32pm

Hi @unipac and welcome to the LE community forum

It sounds like the FW might be dropping its' own outbound requests.
Are there any FW logs that can be reviewed?

unipac · December 21, 2021, 9:57am

2021:12:21-10:56:02 www letsencrypt[10887]: E Renew certificate: URL was: https://acme-v02.api.letsencrypt.org/directory

2021:12:21-10:56:02 www letsencrypt[10887]: I Renew certificate: handling CSR REF_CaCsrCalendAseg2 for domain set [calendrier.aseg-nettoyage.fr]

2021:12:21-10:56:02 www letsencrypt[10887]: E Renew certificate: TOS_UNAVAILABLE: Could not obtain the current version of the Let's Encrypt Terms of Service

2021:12:21-10:56:02 www letsencrypt[10887]: I Renew certificate: sending notification WARN-603

2021:12:21-10:56:02 www letsencrypt[10887]: [WARN-603] Let's Encrypt certificate renewal failed accessing Let's Encrypt service

2021:12:21-10:56:02 www letsencrypt[10887]: I Renew certificate: handling CSR REF_CaCsrCalendAseg for domain set [calendar.aseg-nettoyage.fr]

2021:12:21-10:56:02 www letsencrypt[10887]: E Renew certificate: TOS_UNAVAILABLE: Could not obtain the current version of the Let's Encrypt Terms of Service

2021:12:21-10:56:02 www letsencrypt[10887]: I Renew certificate: sending notification WARN-603

2021:12:21-10:56:02 www letsencrypt[10887]: [WARN-603] Let's Encrypt certificate renewal failed accessing Let's Encrypt service

2021:12:21-10:56:02 www letsencrypt[10887]: I Renew certificate: execution failed

MikeMcQ · December 21, 2021, 12:08pm

The messages in the log are not very helpful. You may need to contact your Sophos UTM support to explain what network error caused the TOS to be unavailable.

I see your last successful cert was on Sept 30. On Oct 1 the Let's Encrypt servers started using a different certificate chain. Perhaps you need to refresh your LE certs in the Sophos like this person did:

system · January 20, 2022, 12:08pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.