Letsencrypt - after installation https:://ucs-sso... is not working anymore

Sorry i’m new to UCS,
I use version 4.4-0 errata47
I installed a full server and connected with office 365 with APP for Office365.
Then i discovered that outlook require a valid certificate to let’s the people login.
I decide to install letsencrypt configure it with the 2 domains and require the certificate.
I get finally 2 valid certificate and i can see them in my browser and they are valid.
Now i have this problem:
the HTTPS link of the ucs-sso is not working anymore.
and we get this traceback

Not Found

The requested URL https://ucs-sso.mydomain.net/saml-bin/php-cgi/simplesamlphp/saml2/idp/SSOService.php was not found on this server.

but i noticed that when i visit the same URL without HTTPS then it works.

Thanks to anyone will support me.

Did you configure Let’s Encrypt to also issue a certificate for ucs-sso.yourdomain? If so, the virtual host entry created for said LE domain will take precedence over the original virtual host entry, and the LE VHost will not contain all the settings required for the ucs-sso entry to work correctly. I don’t know if there’s a solution for that at the moment.

If this is the case, you should probably file a bug so that the Let’s Encrypt app can be fixed by special-casing the domain used for SAML.

Thankyou very much for your answer i think that this is exact my case.
I will file a BUG so that the Let’s Encrypt app can be fixed.
Thankyou very much

I got the very same problem with a newly installed UCS 4.4.0 and after updating the LetsEncrypt certificate with the ucs.sso.mydomain it stopped working.
Is there any solution for it yet?


You can avoid this issue if you implement a wildcard certificate, please see my post here: Letsencrypt app - wildcards supported?

No, the problem is not the certificate, but the Apache configuration created by the app.

Yes, but if you follow my recommendation, which is NOT using the letsencrypt bot from the app center at all, it will not destroy your apache configuration. :slight_smile:

I think his general intention was to secure ucs-sso with a letsencrypt certificate…

All the best