Failed V15 Update - Certificate Generation Error

Discussion in '3CX Phone System - General' started by kevsach, Aug 1, 2016.

Thread Status:
Not open for further replies.
  1. kevsach

    Joined:
    Aug 1, 2016
    Messages:
    1
    Likes Received:
    0
    Hi,

    I uninstalled v14 this evening on our production server, and proceeded to install v15. The installer completed and the command prompt style configuration tool ran OK, asking me to restore from a backup.

    When I choose the option to generate a certificate based on a 3CX domain name the application fails with an error. (Sorry didn't get a screen grab) which essentially says that the letsencrypt.org end user license agreement being referenced has been superseded today (1st August) and is therefore incorrect. The certificate does not generate, and the config wizard will not proceed any further.

    Luckily I snapshotted the VM prior to upgrade and have reverted to v14. I realize I do not have official support, but hope that someone can inform 3CX engineers that the script which generates the letsencrypt.org certificate needs an edit, ASAP!

    Thanks

    Kev
    University of Hull - UK
     
  2. Sopock

    Sopock Member

    Joined:
    Jul 11, 2012
    Messages:
    447
    Likes Received:
    20
    Status 400: Provided agreement URL does not match current agreement URL

    should be easy to reproduce :arrow:
    LE-SA-v1.0.1-July-27-2015.pdf
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. ecublake

    Joined:
    Jul 14, 2016
    Messages:
    1
    Likes Received:
    0
    I'm having the same issue. Essentially the error states:

    Error creating FQDN: {
    "TYPE": "URN:ACME:ERROR:MALFORMED",
    "DETAIL": "PROVIDED AGREEMENT URL [HTTPS://LETSENCRYPT.ORG/DOCUMENTS/LE-SA-V1.
    0.1-JULY-27-2015.PDF] DOES NOT MATCH CURRENT AGREEMENT URL [HTTPS://LETSENCRYPT.
    ORG/DOCUMENTS/LE-SA-V1.1.1-AUGUST-1-2016.PDF]",
    "STATUS": 400
    }

    It seems there is a version mismatch between the tools agreement and the current.
     
  4. MichaelB

    MichaelB Member
    3CX Support

    Joined:
    Aug 25, 2009
    Messages:
    407
    Likes Received:
    8
    Hi, Yes we are working on this as yesterday update from lets encrypt caused some changes in the subscriber.
    We will get back to you when this is resolved.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. MichaelB

    MichaelB Member
    3CX Support

    Joined:
    Aug 25, 2009
    Messages:
    407
    Likes Received:
    8
    @ forum users, retry again by downloading Version 15 3CX Phone System.
    Let us know, thanks again.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. craigreilly

    craigreilly Well-Known Member

    Joined:
    Feb 1, 2012
    Messages:
    3,424
    Likes Received:
    278
    Hopefully there is a way to overcome this when letsencrypt makes a change instead of waiting for an update from 3cx...
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. Sopock

    Sopock Member

    Joined:
    Jul 11, 2012
    Messages:
    447
    Likes Received:
    20
    SP1: Typo in config tool message

    what about renewing on existing installations?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. MichaelB

    MichaelB Member
    3CX Support

    Joined:
    Aug 25, 2009
    Messages:
    407
    Likes Received:
    8
    We provided a hotfix yesturday via updates so update.
    Thanks
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. michaelf

    Joined:
    Jun 15, 2011
    Messages:
    5
    Likes Received:
    0
    I have a client using the free version and they're thinking about upgrading to the paid version, but the LetsEncrypt certificate is not updating. They didn't have SP2 or SP3 installed, so I installed them, but still no change. (I figured it would update the certificate on startup if it was expired). Any way to force an update of the LE certificate?
     
  10. Sopock

    Sopock Member

    Joined:
    Jul 11, 2012
    Messages:
    447
    Likes Received:
    20
    It seems that it is not possible to renew expired cert?:confused:
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Thread Status:
Not open for further replies.