TOS problem with request/renewal

Hello,

I have trouble renewing the Let's Encrypt certificate for the domain vewag.de.
We are using a Sophos (SG125) that periodically renews the certificates. But since yesterday (time of last renewal) I was not able to get the expired certificates to renew.
I tried to request the same certificate on another Sophos with another domain, which worked - so I tried to request the certificate for a subdomain of vewag.de from there, which results in the same error.

My domain is: vewag.de

It produced this output:
From the UTM in the certificate management tab:

Could not obtain the current version of the Let’s Encrypt Terms of Service. Automatic renewals will be tried again during the next renewal attempt. Manual renewal can be attempted again at any time.

From the log:

2022:02:15-03:05:04 remote letsencrypt[13148]: E Renew certificate: Incorrect response code from ACME server: 500
2022:02:15-03:05:04 remote letsencrypt[13148]: E Renew certificate: URL was: https://acme-v02.api.letsencrypt.org/directory
2022:02:15-03:05:04 remote letsencrypt[13148]: I Renew certificate: handling CSR REF_CaCsrMagicDevic for domain set [device.vewag.de]
2022:02:15-03:05:04 remote letsencrypt[13148]: E Renew certificate: TOS_UNAVAILABLE: Could not obtain the current version of the Let's Encrypt Terms of Service
2022:02:15-03:05:04 remote letsencrypt[13148]: I Renew certificate: sending notification WARN-603
2022:02:15-03:05:04 remote letsencrypt[13148]: [WARN-603] Let's Encrypt certificate renewal failed accessing Let's Encrypt service
2022:02:15-03:05:04 remote letsencrypt[13148]: I Renew certificate: handling CSR REF_CaCsrSeconserve for domain set [secon.vewag.de]
2022:02:15-03:05:04 remote letsencrypt[13148]: E Renew certificate: TOS_UNAVAILABLE: Could not obtain the current version of the Let's Encrypt Terms of Service

I can login to a root shell on my machine: no (not currently)

Current build of Sophos SG: 9.707-5

We have seen this error several times in the past few months and they were all problems with the Sophos setup. Below is one of those threads but you could search this forum for others. The first error in your post (http 500) is the original failure.

If that does not help, you will get better help on the Sophos support or community forums. They know the config for these systems better than we do.

4 Likes
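The triage described in the reply above, as an added example that is not part of the original thread or of Sophos tooling: it parses the log lines quoted in the question, treats the first error of a renewal run as the root cause and the later TOS_UNAVAILABLE errors as follow-on. The function name `triage` and the field layout inferred from the quoted lines are assumptions.

```python
import re

# Sample input: the log lines quoted in the question (field layout is inferred from them).
SAMPLE_LOG = """\
2022:02:15-03:05:04 remote letsencrypt[13148]: E Renew certificate: Incorrect response code from ACME server: 500
2022:02:15-03:05:04 remote letsencrypt[13148]: E Renew certificate: URL was: https://acme-v02.api.letsencrypt.org/directory
2022:02:15-03:05:04 remote letsencrypt[13148]: I Renew certificate: handling CSR REF_CaCsrMagicDevic for domain set [device.vewag.de]
2022:02:15-03:05:04 remote letsencrypt[13148]: E Renew certificate: TOS_UNAVAILABLE: Could not obtain the current version of the Let's Encrypt Terms of Service
2022:02:15-03:05:04 remote letsencrypt[13148]: [WARN-603] Let's Encrypt certificate renewal failed accessing Let's Encrypt service
2022:02:15-03:05:04 remote letsencrypt[13148]: I Renew certificate: handling CSR REF_CaCsrSeconserve for domain set [secon.vewag.de]
2022:02:15-03:05:04 remote letsencrypt[13148]: E Renew certificate: TOS_UNAVAILABLE: Could not obtain the current version of the Let's Encrypt Terms of Service
"""

LINE_RE = re.compile(r"^\S+ \S+ letsencrypt\[(?P<pid>\d+)\]: (?:(?P<level>[EIW]) )?(?P<msg>.*)$")
STATUS_RE = re.compile(r"response code from ACME server: (\d{3})")
URL_RE = re.compile(r"URL was: (\S+)")
CSR_RE = re.compile(r"handling CSR (\S+) for domain set \[([^\]]+)\]")

def triage(log_text):
    """Group lines by renewal run (pid); first error is the root cause, later ones follow-on."""
    runs = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a letsencrypt daemon line
        run = runs.setdefault(m["pid"], {"root": None, "status": None, "url": None,
                                         "csrs": [], "follow_on": []})
        msg = m["msg"]
        if s := STATUS_RE.search(msg):
            run["status"] = run["status"] or int(s[1])  # keep the first status seen
        if u := URL_RE.search(msg):
            run["url"] = u[1]  # detail of the failed request, not a separate error
            continue
        if c := CSR_RE.search(msg):
            run["csrs"].append((c[1], c[2]))  # (CSR reference, domain set)
            continue
        if m["level"] == "E":
            if run["root"] is None:
                run["root"] = msg
            else:
                run["follow_on"].append(msg)
    return runs

if __name__ == "__main__":
    for pid, run in triage(SAMPLE_LOG).items():
        print(f"run {pid}: root cause: {run['root']} (HTTP {run['status']} from {run['url']})")
        for name, domains in run["csrs"]:
            print(f"  affected CSR {name} [{domains}]")
        print(f"  follow-on errors: {len(run['follow_on'])}")
```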

Thanks for your reply. I will reach out to the Sophos support.

The only thing I am still confused about is that I can't request a certificate for vewag.de from a Sophos where I can successfully request certificates for other domains.

2 Likes

I have no idea. Does Sophos allow different security settings (like cert checks) based on the domain name? I am just guessing but something to ask them for sure. Good luck and post back if they can provide more details on the failure.

2 Likes
