• V20: 3CX Re-engineered. Get V20 for increased security, better call management, a new admin console and Windows softphone. Learn More.

Solved Renewal for SSL Certificate for [3CX PBX FQDN] failed

Status
Not open for further replies.

Jon George

Free User
Joined
Sep 14, 2017
Messages
11
Reaction score
1
Hello, all-

The LetsEncrypt auto-renewal of the SSL certificate for my 3CX PBX has failed. Here is the email I received:

HTTPS Certificate renewal Failed - Error:
IpUpdater.FqdnGenerationException: Error creating FQDN: Unexpected error : {
"type": "urn:acme:error:badNonce",
"detail": "JWS has invalid anti-replay nonce [LotSofgoBBeldygOok_aNdsoMEmorE]",
"status": 400
} ; LetsEncrypt: The remote server returned an error: (400) Bad Request.
at PostInstall.CertificateHelper.ProcessCertificatesDirectory(String directory, Boolean temporaryCertificateGenerated, CloudServerStatus statuses, Int32 regenerateCertificateExiredInDays, String appBin, UInt16 sipPort, UInt16 tunnelPort)
at PostInstall.CertificateHelper.RenewCertificates(String appBin, String nginxConfigFolder, String configurationPath)

I haven't found any possible solutions to this specific error yet, so I have not tried anything yet. I'm running Version 15.5.0 on Windows Server 2012 R2 Datacenter.

If anyone can point me in the right direction, that would be spiffy! Thanks in advance!
 
Perhaps a SP update will help?
 
Thanks for the suggestion! The only update available to me on the Updates page is the 15.5 SP6 BETA. So I believe that the PBX is patched to the latest general release.
 
Oh - you said you were on 15.5.0 - current is 15.5.13103.5
 
Ah, I see. I just checked that by going to Settings > License. Is there somewhere I can get my exact build number?
 
Found it on Dashboard under the Information column in the License field! I am on 15.5.13103.5
 
If this is the first occurrence it could just be a transient issue.
 
It is the first occurrence. How often will the auto cert renewal process try again? The cert expires early next month, you think I should just keep an eye on it for a couple days and see if it sorts itself out?
 
I don't know if 3CX has posted specifics on when it tries to renew and how it responds to failures but I have seen failures from time to time in my email notifications by they seem to resolve themselves. I'm pretty sure you will see the same.
 
  • Like
Reactions: Jon George
Alright, I'll monitor for a few days and report back. Thanks!
 
Hello @Jon George

Please note that the PBX will try to update the certificate every night so this could have been a temporary issue with Let's Encrypt. Let i ti try again and let us know of the results.
 
@cobaltit and @YiannisH_3CX,

You were correct, I got a notification that the certificate had been renewed successfully last night and I verified that the expiration date has updated and that all services are running normally.

Thanks!
-Jon
 
  • Like
Reactions: craigreilly
Glad to see the issue has been resolved and thank you for updating the thread.
 
Status
Not open for further replies.
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.