Probleme with let's encrypt // ICEWARP

Help Aide (en français)
1

Hello let’s encrypt team,

Since a while , we could not issue let’s encrypt certificate for all our customer webmail domain names from our server ICEWARP

Application installed : ICEWARP
Provider : ICOSNET ITSP Algeria

below the test results : the server is able to connect with LE server

connected_let_enrypt

telnet test :

telnet_let_encrypt

curl test :

curl_let_encrypt

there is no http filter from our firewall to our server :

nmap_aucun_filtrage

below ping test

ping_let_encrypt
ping_let_encrypt755×218 51.6 KB

the certificate renewal is done via icewarp console administration , it stucks and there is error messager , i did reboot and restart services but the issue still persist

please if someone is able to help here

Br

2

What is the error message?

3

hello ,

this is the only error message that shows but not always

logs_lets_encrypt
logs_lets_encrypt1099×282 55.5 KB

4

Well, that's not a very helpful error message. Is there perhaps more verbose logging possible?

5

there are only those error messages

6

You may have to contact ICEWARP for more help. As your tests show, the server appears to have working connectivity so I am not sure what is wrong.

7

yeah i already suggest their help but with no solution for the moment

8

I wonder if someone is intercepting your connectivity to the Let's Encrypt API endpoint and causing your outbound TLS connection to fail (because of failed certificate validation).

Maybe try

openssl s_client -connect acme-v02.api.letsencrypt.org:443 -servername acme-v02.api.letsencrypt.org

and see what certificate the API server appears to present in the output of this command.

(The -servername option is not required in newer versions of OpenSSL, but I gave the traditional form because I don't know what version of openssl you have.)

Edit: I guess this possibility is unlikely because it would probably have made your curl -v command fail too, but it might be worth trying just for lack of any other ideas... :frowning:

9

These tests should be on port 443:
image
image

I believe that is mostly shown here:
image

I'm leaning towards:

  • IPS blocking
    OR
  • MTU issue

Has this ICEWARP ever been able to obtain an LE cert?

10

yeah the issue appeared since month ago