Server Certificate Signature - failed

Tiago · October 5, 2021, 6:22pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://ourwork.ca/ https://www.panenterprises.com https://www.aquaceleste.com/ https://damngoodeditors.com/

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Recently we got some errors from our monitoring system on N-Central saying that there was a few websites that we host had failed. When I browse the website it shows that the certificate is valid. N-Central support suggest that it may be an issue coming from the root certificate from Let;s Encrypt. They said in order to solve the issue we need to upload the Root certificate under Administration >> Certificate Management.

can anyone help to how we can have the root certificate from Let's Encrypt so we can upload on N-Central?

rg305 · October 5, 2021, 7:23pm

Hi @Tiago welcome to the LE community forum

All the LE root certs can be found at:
Chain of Trust - Let's Encrypt (letsencrypt.org)

The one you want is likely:
[available in DER and PEM formats]
ISRG Root X1 ( RSA 4096, O = Internet Security Research Group, CN = ISRG Root X1 )

Self-signed: der, pem, txt

ncentral_nerd · October 5, 2021, 7:46pm

re: monitoring letsencrypt cert based https breaking:

A code drop was not necessary for this one, I just had to run a couple of scripts on your server to update the trusted CAs Please note that any https monitored by a probe will depend
on the windows update to deliver trusted CAs for that device, but your server should be good to go now, and a reboot should not be required

This was a communication to one of my partners, log a ticket with support please.

-Jason, N-central

rg305 · October 5, 2021, 7:51pm

It would be nice to know exactly what was run and which O/S and version it applied to.
[so that other readers may benefit from this knowledge]

ncentral_nerd · October 6, 2021, 1:29pm

I don't have that information as N-central is a proprietary Remote management and monitoring solution. I do know we have a code drop to resolve this issue.
Kind regards, Jason from N-able

system · November 5, 2021, 1:29pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.