Problem: Connections (as a client) to let's encryted domains from UCS not trusted

Knowledge Base Community
, , ,
#1

Problem

With UCS 4.4-8 errata 1057 an below access of Let’s Encrypt signed sites is not possible since 2021-10-01 as the certificate is not trusted.
You can test it by using tool like curl or wget.

root@dc1:~# curl https://dc1.fqdn-host.de
curl: (60) SSL certificate problem: certificate has expired

Solution

Please install errata 1059 and 1060 that will fix the problem.

In some cases you need to remove the old R3-certificate and refresh ca certs:

rm /usr/local/share/ca-certificates/lets-encrypt-r3.crt
update-ca-certificates  --fresh

Maybe it also needs a refresh for lets encrypt

/usr/share/univention-letsencrypt/refresh-cert-cron

Search tags: letsencrypt

1 Like
System diagnostic suddenly gives me: Found invalid certificate '/etc/univention/letsencrypt/signed_chain.crt'
UCS lässt sich wegen Kopano nicht aktualisieren
System diagnostic suddenly gives me: Found invalid certificate '/etc/univention/letsencrypt/signed_chain.crt'
#2
Mastodon