Hello UCS members. I recently renewed the host certificate for UCS domain after the 5 year expiration and now when I log in I get the expiration message showing a negative number.
“The SSL host certificate will expire in -1 days and should be renewed!”
Also found this in the system diagnostics…
Found invalid certificate ‘/etc/univention/letsencrypt/signed_chain.crt’:
error /etc/univention/letsencrypt/signed_chain.crt: verification failed
Found invalid certificate ‘/etc/univention/letsencrypt/signed_chain.crt’:
error /etc/univention/letsencrypt/signed_chain.crt: verification failed
The SAML identity provider certificate ‘/usr/share/univention-management-console/saml/idp/ucs-sso.cloud.falconitservices.com.xml’ is missing in https://x.x.x.x/simplesamlphp/saml2/idp/certificate. Re-execute the join-script 92univention-management-console-web-server via [“Domain join” module](javascript:void(0)) or execute univention-run-join-scripts --force --run-scripts 92univention-management-console-web-server on the command line as user root.
I have run the command as root twice but error persists.
Will this cause any problems down the line?
OK, after the second day, this problem went away by itself. I still have this error:
########################## Start 04_saml_certificate_check ##########################
Check failed: 04_saml_certificate_check - SAML certificate verification failed!
The SAML identity provider certificate ‘/usr/share/univention-management-console/saml/idp/ucs-sso.cloud.falconitservices.com.xml’ is missing
and this error:
######################### Start 02_certificate_check ########################
Check failed: 02_certificate_check - Check validity of SSL certificates
Found invalid certificate ‘/etc/univention/letsencrypt/signed_chain.crt’:
error /etc/univention/letsencrypt/signed_chain.crt: verification failed
Found invalid certificate ‘/etc/univention/letsencrypt/signed_chain.crt’:
error /etc/univention/letsencrypt/signed_chain.crt: verification failed
Please see Univention Support Database - Renewing the TLS/SSL certificates (http://sdb.univention.de/1183) on how to renew certificates.
Hello, there were some problems when I created the certificate due to a geo-ip filter I have in place blocking traffic to Finland. I followed the same steps to renew the root certificate and everything went well the second time around.