Letsencrypt - after installation https://ucs-sso... is not working anymore

Sorry, I’m new to UCS.
I use version 4.4-0 errata47.
I installed a full server and connected it with Office 365 using the app for Office 365.
Then I discovered that Outlook requires a valid certificate to let people log in.
I decided to install Let’s Encrypt, configure it with the 2 domains and request the certificate.
I finally got 2 valid certificates; I can see them in my browser and they are valid.
Now I have this problem:
the HTTPS link of ucs-sso is not working anymore,
and we get this traceback:

Not Found

The requested URL https://ucs-sso.mydomain.net/saml-bin/php-cgi/simplesamlphp/saml2/idp/SSOService.php was not found on this server.

But I noticed that when I visit the same URL without HTTPS, it works.

Thanks to anyone who will support me.
Alessandro

Did you configure Let’s Encrypt to also issue a certificate for ucs-sso.yourdomain? If so, the virtual host entry created for said LE domain will take precedence over the original virtual host entry, and the LE VHost will not contain all the settings required for the ucs-sso entry to work correctly. I don’t know if there’s a solution for that at the moment.

If this is the case, you should probably file a bug so that the Let’s Encrypt app can be fixed by special-casing the domain used for SAML.
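
The precedence behaviour described in the reply above, as an added example that is not part of the original thread: Apache serves a request from the first loaded virtual host whose address and name match, so this sketch scans vhost definitions in load order and reports later ones that are shadowed, along with the directives the winning vhost lacks. The file names, paths and config contents are constructed for illustration and are not taken from a UCS system.

```python
import re

# Constructed sample configs, listed in the order Apache would load them.
# File names, paths and directives are hypothetical, not taken from a UCS system.
SAMPLE_CONFIGS = [
    ("letsencrypt-vhost.conf", """
<VirtualHost *:443>
    ServerName ucs-sso.mydomain.net
    SSLEngine on
</VirtualHost>
"""),
    ("sso-vhost.conf", """
<VirtualHost *:443>
    ServerName ucs-sso.mydomain.net
    SSLEngine on
    ScriptAlias /saml-bin/ /hypothetical/saml-bin/
</VirtualHost>
"""),
]

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
NAME_RE = re.compile(r"^\s*Server(?:Name|Alias)\s+(.+)$", re.M | re.I)

def find_shadowed(configs):
    """Return (name, address, winning_file, shadowed_file, directives_lost)."""
    seen, findings = {}, []
    for fname, text in configs:
        for match in VHOST_RE.finditer(text):
            addr, body = match.group(1).strip(), match.group(2)
            lines = [l.split() for l in body.splitlines()]
            # Directive names used in this vhost, ignoring blanks and comments.
            directives = {l[0] for l in lines if l and not l[0].startswith("#")}
            for line in NAME_RE.findall(body):
                for name in line.lower().split():
                    key = (addr, name)
                    if key not in seen:
                        seen[key] = (fname, directives)  # first match wins
                        continue
                    win_file, win_dirs = seen[key]
                    lost = sorted(directives - win_dirs)
                    findings.append((name, addr, win_file, fname, lost))
    return findings

if __name__ == "__main__":
    for name, addr, winner, loser, lost in find_shadowed(SAMPLE_CONFIGS):
        print(f"{name} on {addr}: {winner} shadows {loser}; missing {lost}")
```

On a live server, `apachectl -S` prints the parsed virtual host table and shows which file and line each name resolves to.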

Thank you very much for your answer; I think that this is exactly my case.
I will file a bug so that the Let’s Encrypt app can be fixed.
Thank you very much

I got the very same problem with a newly installed UCS 4.4.0 and after updating the LetsEncrypt certificate with the ucs.sso.mydomain it stopped working.
Is there any solution for it yet?

thanks

You can avoid this issue if you implement a wildcard certificate, please see my post here: Letsencrypt app - wildcards supported?

No, the problem is not the certificate, but the Apache configuration created by the app.

Yes, but if you follow my recommendation, which is NOT using the letsencrypt bot from the app center at all, it will not destroy your Apache configuration. :)

I think his general intention was to secure ucs-sso with a letsencrypt certificate…

All the best
pate1337

Any update on this one? Maybe a solution using a remote DNS like Cloudflare/Godaddy?
