Peer certificate rejected by ChainVerifier

Hello,

One of my API endpoints is SSL-enabled using a Let's Encrypt cert.

The endpoint is used by SAP for posting and pulling data.

The flow works great as long as the cert is manually uploaded to SAP.

However, when the cert expires, it starts throwing an exception (expected):

Once the new certificate is uploaded to SAP, it starts working again.

Question:

Is there any way that anyone is aware of to set up SAP to accept any certificate issued by Let's Encrypt, similar to how a browser handles it? Some way to set up SAP with Let's Encrypt as a valid CA so that it accepts new certs without my having to upload one manually every 60 days?

Thanks much for the help.

When you opened this thread in the Help section, you should have been provided with a questionnaire. Maybe you didn't get it somehow (which is weird), or you've decided to delete it. In any case, all the answers to this questionnaire are required:


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):


We need the hostname of the API endpoint so we can see if the chain that's sent by the web server is correct. Or you could use e.g. SSL Certificate Checker and/or SSL Checker yourself (random sites from Google, no experience with them myself) to see if the API is sending the correct chain.


Can you upload the Let's Encrypt CA to SAP instead of a cert? What does the UI look like? Or do you have any SAP docs?

I think really this is going to be something you should ask SAP, though.


I have suggested and shared the same to the SAP impl team. Awaiting feedback.

Yes. I have checked the cert. The chain is correctly sent by the server.

Probably not.

I don't know what product you are using, but enterprise products like the SAP one you are using are typically designed to be used with self-signed certificates or private CAs for granular authorization, and not publicly trusted roots. Check your product docs to see if they are referencing self-signed certs; if so, you can probably just generate a yearly cert (or similar) that is self-signed.

If this SAP product is designed like that and you need to provide the API on a public root, a common trick is just to have the API run on two different domains: one public and one private.

Edit: Let's Encrypt certs provide Domain Validation for public trust; many enterprise (commercial and open source) products leverage certificates for granular identity/access/authorization: the systems are designed to ensure that a specific cert or signing authority has authorized access.

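An added example, not from this thread and not SAP's or Let's Encrypt's code, to make concrete the two points raised above: the suggestion to upload the CA instead of the endpoint's certificate, and the observation that a product which trusts one specific certificate necessarily rejects the renewed one. It builds a constructed three-level hierarchy with Go's standard library (a stand-in for ISRG Root X1 -> Let's Encrypt intermediate -> the API's certificate) plus a renewed leaf with a new key and serial, then compares leaf pinning with CA-based chain verification. The CA names, serial numbers and `api.example.com` are assumptions; the 90-day leaf lifetime matches what Let's Encrypt issues.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue signs tmpl with parent/parentKey; a nil parent yields a self-signed root.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	if parent == nil { // self-signed: the template is its own issuer
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// caTemplate describes a root or intermediate CA certificate valid for `years`.
func caTemplate(serial int64, name string, years int, now time.Time) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: now.Add(-time.Hour), NotAfter: now.AddDate(years, 0, 0),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
}

// leafTemplate describes a 90-day server certificate, the lifetime Let's Encrypt issues.
func leafTemplate(serial int64, host string, now time.Time) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		NotBefore: now.Add(-time.Hour), NotAfter: now.AddDate(0, 0, 90),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
}

// buildPKI constructs the stand-in hierarchy (names and serials are assumptions) and a
// renewed leaf with a fresh key and serial, as each Let's Encrypt renewal produces.
func buildPKI(host string, now time.Time) (root, inter, leaf, renewedLeaf *x509.Certificate) {
	var rootKey, interKey *ecdsa.PrivateKey
	root, rootKey = issue(caTemplate(1, "Constructed Root CA", 10, now), nil, nil)
	inter, interKey = issue(caTemplate(2, "Constructed Intermediate CA", 5, now), root, rootKey)
	leaf, _ = issue(leafTemplate(3, host, now), inter, interKey)
	renewedLeaf, _ = issue(leafTemplate(4, host, now), inter, interKey)
	return
}

// pinnedLeafMatches is what uploading the endpoint's certificate amounts to: only that
// exact certificate is trusted, so the renewed one is rejected even though it is valid.
func pinnedLeafMatches(pinned, presented *x509.Certificate) bool {
	return pinned.Equal(presented)
}

// verifyChain is what trusting the CA amounts to: the chain the server sends (leaf first,
// then intermediates) must lead to a trusted root, match host, and be valid at `now`.
func verifyChain(roots, chain []*x509.Certificate, host string, now time.Time) error {
	if len(chain) == 0 {
		return fmt.Errorf("server sent no certificate")
	}
	rootPool, interPool := x509.NewCertPool(), x509.NewCertPool()
	for _, r := range roots {
		rootPool.AddCert(r)
	}
	for _, c := range chain[1:] { // intermediates come from the server, roots from the trust store
		interPool.AddCert(c)
	}
	_, err := chain[0].Verify(x509.VerifyOptions{
		Roots: rootPool, Intermediates: interPool, DNSName: host, CurrentTime: now,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

func main() {
	now := time.Now()
	root, inter, leaf, renewed := buildPKI("api.example.com", now)
	roots := []*x509.Certificate{root}
	fmt.Println("pinned leaf, renewed cert presented:  ", pinnedLeafMatches(leaf, renewed))
	fmt.Println("trusted root, renewed cert presented: ", verifyChain(roots, []*x509.Certificate{renewed, inter}, "api.example.com", now))
	fmt.Println("trusted root, intermediate not sent:  ", verifyChain(roots, []*x509.Certificate{renewed}, "api.example.com", now))
	fmt.Println("trusted root, checked 91 days later:  ", verifyChain(roots, []*x509.Certificate{leaf, inter}, "api.example.com", now.AddDate(0, 0, 91)))
}
```

Two practical consequences follow from the second function. If SAP's trust store can hold a CA at all, the certificate to upload is the root (ISRG Root X1 for Let's Encrypt), not the intermediate: Let's Encrypt rotates its intermediates, so pinning one brings the same outage back on a longer cycle. And CA-based verification only works when the server sends the intermediate along with the leaf, which is exactly the chain check asked for earlier in the thread; a chain that ends at the leaf fails with an unknown-authority error even though the root is trusted.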