

As of today, September 30, 2021, some root certificates used by Let's Encrypt to sign client certificates will lose their validity (expiration of Intermediate R3 on at 19:21:40 GMT – the DST Root CA X3 expires on 14:01:15 GMT). Clients that only know the old root certificates will not be able to verify Let's Encrypt server certificates after that. I had pointed this out in the blog post Sept. 30, 2021: Will we see trouble with old Let's Encrypt certificates? However, it was unclear whether this would have an impact – it was assumed that this would only affect very old devices that no longer receive updates (e.g.

In the meantime, however, it is clear from reader feedback that devices with iOS 14 or iOS 15, macOS etc. I have received a few comments reporting problems with Exchange Server as well as Windows Internet Information Server (IIS). The problem was that the server in question preferred the older Let's Encrypt certificate. In this case, restarting the servers in question fixed the certificate chain – as can be seen from the following.

Windows Internet Information Server (IIS) seems to have had problems with iOS devices. On German site heise there is this German comment, which contains some hints.

Issues with Let's Encrypt certificate, but that only occurred with macOS and iOS, when retrieved from a Windows server IIS. On all Windows devices there were no problems, with any browser. On macOS, the problem also occurred with Firefox.

* delete the expired X3 certificate in the Windows server certificate store.
* issue all Let's Encrypt certificates NEW

After that the Apple devices had no problems, a restart there was not necessary. Why this only occurred on macOS and iOS is not entirely clear.

Other comments like this German one within my blog confirm the issues with iOS devices. Also in this German comment on heise someone complains about issues with IIS and Let's Encrypt certificates. Martin Bene wrote within this comment here in my blog:

There are issues with IIS: the certificates are actually OK, but when building the certificate chain it sends, it prefers the old and now expired R3 intermediate certificate. It keeps sending the expired intermediate certificate even after the actual expire date until the server is rebooted; this breaks clients that don't provide intermediate certificates themselves (like iOS). Other clients (Windows) continue working just fine.

* Renewing the certificates on the server causes the chains to be rebuilt and fixes the issue
* rebooting the server causes the chains to be rebuilt and also fixes the issue.
* just issuing an iisreset does NOT fix the issue

This confirms the problem that in many cases an updated Let's Encrypt certificate does not take effect. Only a restart of the Windows server causes a new certificate to be included in the certificate chain. Unfortunately, resetting the IIS does not help. After that, the iOS devices were able to communicate again.

Also in this German comment Markus reports problems in connection with the accessibility of an Exchange server due to certificate problems.

Solution on Exchange server: renew the certificate! You should work with the win-acme solution from Frankys web!

Here I can give again the hint which reached me via Facebook: In my case an Exchange Server restart helped. After the restart the certificate chain is displayed correctly on the server.

In my German blog, several users reported issues with access from iOS devices in conjunction with Sophos UTM (firewall appliance). It really looks like there are problems with the internal mail app under the current iOS 15 release.

Here I get a message displayed that the certificate has expired, although an expiration date is displayed in the future. Have checked the certificate directly on the server (win-acme), as well as reverse proxy (Sophos UTM with LE), all OK.

A short time later I also got feedback on Facebook that iPhones with iOS 14 could not use communication with mail servers either.

In the Sophos UTM, in addition to the valid root CAs, there were the two certificates that had already expired. I deleted them and the problem with the chain was solved. Might be quite useful if you are troubleshooting.

According to this German comment, these can be found and deleted under Webserver Protection -> Certificate Management -> Certificate Authority.
