LetsEncrypt certificate renewal failing

LetsEncrypt certificate renewal has been working on my Axigen hosts without any problem for quite some time. I’m always using the most recent releases, on both Windows and Ubuntu. Recently I started receiving error messages saying:

“Certificate renewal for hostname [mydomain].nl failed! Please check server log for details.”

I checked the log and it says (amongst other things):

2021-10-26 19:31:46 +0200 08 roicon JOBLOG:70000016: LetsE: Acme job executing
2021-10-26 19:31:46 +0200 08 roicon JOBLOG:70000016: LetsE: AcmeInitState for [mydomain].nl executing
2021-10-26 19:31:47 +0200 02 roicon JOBLOG:70000016: HTTP-Client: Error performing request in connection to https://acme-v02.api.letsencrypt.org:443/directory:SSL peer certificate or SSH remote key was not OK

Could someone shed light on this?

Hello Ton,

From the information you have shared, my understanding is that Axigen is unable to validate the SSL peer certificate when connecting to https://acme-v02.api.letsencrypt.org, which seems to have a new certificate (generated on 17 Oct).

Axigen uses the operating system’s certificate bundle to perform certificate validation based on a certificate chain.

Now, in cases where this operation is somehow not working correctly or the OS does not have an updated list of certificates, we could use a local bundle (called cacert_default.pem), placed by the installer into the Axigen working directory.

As this local bundle may need an update as well, please follow the steps below and let us know if this fixes your problem:
1/ go to the Axigen working directory
2/ create a backup of the cacert_default.pem file
3/ update the content of this file with the latest CA bundle from curl - Extract CA Certs from Mozilla

HTH,
Ioan
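
The three steps above as a guarded shell routine for the Ubuntu hosts. This is an added example, not part of the original reply and not Axigen's own tooling. The function names, the backup naming scheme and both arguments (the working directory and the already downloaded bundle file) are assumptions.

```shell
#!/bin/sh
# Added example: guarded replacement of the local CA bundle (cacert_default.pem).
# Usage (both paths are placeholders, not taken from the thread):
#   replace_ca_bundle /path/to/axigen/workdir ./downloaded-bundle.pem

# Succeeds only if the file looks like a complete PEM bundle: non-empty, at
# least one certificate, and as many END markers as BEGIN markers. This
# rejects truncated downloads and HTML error pages saved under a .pem name.
bundle_looks_valid() {
    [ -s "$1" ] || return 1
    begins=$(grep -c '^-----BEGIN CERTIFICATE-----' "$1" || true)
    ends=$(grep -c '^-----END CERTIFICATE-----' "$1" || true)
    [ "$begins" -gt 0 ] && [ "$begins" -eq "$ends" ]
}

replace_ca_bundle() {
    workdir=$1                              # step 1: the working directory
    new=$2                                  # bundle fetched beforehand
    target="$workdir/cacert_default.pem"

    if ! bundle_looks_valid "$new"; then
        echo "rejected: $new is not a complete PEM bundle" >&2
        return 1
    fi

    # Step 2: keep a timestamped copy of the bundle currently in use.
    if [ -f "$target" ]; then
        cp -p "$target" "$target.bak.$(date +%Y%m%d%H%M%S)" || return 1
    fi

    # Step 3: write beside the target, then rename, so the server never
    # reads a half-written file.
    tmp="$target.new.$$"
    cp "$new" "$tmp" && mv -f "$tmp" "$target"
}
```

A rejected file leaves the existing cacert_default.pem untouched, and restoring a backup is a copy of the `.bak.*` file over the target.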

Thanks very much, Ioan. I’m afraid I tried this solution before, but made a serious error, so it didn’t work then.
Now it all went very smoothly.

Cheers,

-Ton.
