Users getting certificate expiry popup on Outlook

My domain is: span-group.com
My hosting provider, if applicable, is: Cloudflare
Facing an issue with expiry of a certificate from Let's Encrypt, expired and dated 2019. This error started recently and now a lot of users are having this issue. I have no idea who generated and configured the certificate, or where. Need help to get rid of this popup.

Thanks

Your hostname resolves to an IP address from CloudFlare indeed. They use their own certificates, not the ones from Let's Encrypt.

That said I do see a Let's Encrypt certificate issued for news.span-group.com. See: crt.sh | span-group.com

Is that also the hostname your users connect to using Outlook? And on which port?

It might help us if you could show us the exact error from Outlook and the exact settings used in Outlook.

Have a look at this link, crt.sh | span-group.com, and search for 1079145140; this is the one which is popping up for all of our users. Regarding the port and settings for Outlook, we are on M365, which connects directly, unless there is a way to know which ports are being used.

Does the error happen when checking email or sending it, or something else? The reason I ask is there are several services involved, and when the error occurs and where they see it in the app probably provides a clue. If users are seeing this recently, I'd suggest that an update or group policy change was recently rolled out which points machines to the wrong place (e.g. perhaps a hard-coded hosts file for autodiscover.span-group.com?), or if you started to use a proxy for network access then it could be incorrectly resolving your on-site Exchange server instead, or if you have split public and internal DNS, check that the internal DNS is pointing to Office 365 in the same way that public is.

I'd check your existing on-site Exchange server (probably running OWA?), assuming you still have one. Look in Computer Certificate (certmgr.msc for local computer) under Personal and see if that cert is there; if so, check the IIS logs to see if machines are trying to access that service all of a sudden.

[I am not an Exchange administrator, I'm just guessing]

We don't have an Exchange on premises; the clients are connecting to Office 365 over the internet.
On my local DC I checked certmgr.msc and could not find anything related to that certificate from Let's Encrypt. On the same DC I don't have IIS enabled either. How can I check if the internal DC is pointing to Office 365 in the same way as public should?

Well, someone installed a Let's Encrypt certificate on a certain service somehow. Although it is possible, most services don't automatically enable TLS through Let's Encrypt certificates, but require some manual input.

Perhaps ask the person who installed the certificate in the first place?

Yeah sorry I can't really advise on the inner workings of Exchange/Outlook to that extent and it does depend where/when the users are seeing the error (you mentioned a popup but not what it says or what it looks like). Maybe something to do with autodiscovery endpoints? Find Autodiscover endpoints by using SCP lookup in Exchange | Microsoft Docs

Of course it could also be things like email signatures etc, which sometimes contain images loaded from a website.

No one knows how it was done. Isn't there a way to disable it or to remove it completely?

Yes, you can find out which service the error relates to and disable that service; see if the Windows event log is reporting anything. The error message will probably tell you what thing is failing to communicate. If it's an HTTP service you could run Fiddler to look for the request that fails, otherwise perhaps use Wireshark.

Is this the error? "The name on the security certificate is invalid or does not match the name of the site" error in Outlook in a dedicated or ITAR Office 365 environment

Incidentally, I see there is a recently updated MS article about weird autodiscovery behaviour; perhaps that's related.

Unexpected Autodiscover behavior if settings under the \Autodiscover key - Outlook | Microsoft Docs

But it's happening to a lot of users. I do understand that if it's one user then I can check the above on his local PC, but here we are talking about more than 50 users.

Hi, if you are unable to provide more information about the error you're seeing (and when) I'm afraid there's nothing I can suggest. Currently we're just guessing.

Really this problem has nothing to do with Let's Encrypt (which just provides certificates, it doesn't determine how you use them) because it's just that one of your own services is misconfigured. If you can't figure it out I'd suggest escalating the issue to Microsoft support.

3 Likes
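
For the question above about checking whether internal DNS matches public DNS, and for finding which hostname actually serves the expired certificate, here is an added PowerShell example (not written by any poster in this thread). The candidate hostnames, port 443 and the public resolver `1.1.1.1` are assumptions; only `autodiscover.span-group.com` and `news.span-group.com` are names mentioned in the thread.

```powershell
# Added example, not from the thread. Assumptions: Outlook's Autodiscover tries
# https://<domain> and https://autodiscover.<domain>; news.<domain> is included
# because the thread found a Let's Encrypt certificate issued for that name.
$Domain         = 'span-group.com'
$PublicResolver = '1.1.1.1'   # assumption: a public resolver reachable from the client

function Get-ServedCertificate {
    param([string]$HostName, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        if (-not $tcp.ConnectAsync($HostName, $Port).Wait(5000)) { throw "connect timed out" }
        # Accept any certificate: the goal is to read an expired or mismatched one, not to trust it.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName, $null, [System.Security.Authentication.SslProtocols]::Tls12, $false)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally {
        $tcp.Close()
    }
}

function Get-ARecords {
    param([string]$Name, [string]$Server)
    $query = @{ Name = $Name; Type = 'A'; ErrorAction = 'SilentlyContinue' }
    if ($Server) { $query.Server = $Server }   # no -Server means the client's own (internal) resolver
    (Resolve-DnsName @query | Where-Object { $_.IPAddress } | Sort-Object IPAddress).IPAddress -join ','
}

foreach ($name in @($Domain, "autodiscover.$Domain", "news.$Domain")) {
    $cert = $null
    try { $cert = Get-ServedCertificate -HostName $name }
    catch { Write-Warning "${name}: $($_.Exception.Message)" }
    [pscustomobject]@{
        Host       = $name
        LocalDns   = Get-ARecords -Name $name                          # what this client resolves
        PublicDns  = Get-ARecords -Name $name -Server $PublicResolver  # what the internet resolves
        Issuer     = if ($cert) { $cert.Issuer }
        NotAfter   = if ($cert) { $cert.NotAfter }
        Expired    = if ($cert) { $cert.NotAfter -lt (Get-Date) }
        Thumbprint = if ($cert) { $cert.Thumbprint }   # SHA-1, comparable with the crt.sh entry
    }
}
```

Run it from an affected client on the internal network. Addresses behind a CDN can legitimately differ between resolvers, so a mismatch matters mainly when `LocalDns` shows a private or unexpected address and that row also reports an expired Let's Encrypt certificate.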
