Readdy Write  
0,00 €
Your View Money
Views: Count
Self 20% 0
Your Content 60% 0

Users by Links 0
u1*(Content+Views) 10% 0
Follow-Follower 0
s2*(Income) 5% 0

Count
Followers 0
Login Register as User

Problem: https ssl auf einer Domain wird nicht erkannt, obwohl Letsencrypt ausgeführt wurde

12.04.2021 (👁23238)

Problem: https ssl auf einer Domain wird nicht erkannt, obwohl Letsencrypt ausgeführt wurde

Problem:

Nach dem Wechsel von Letsencrypt 1 auf 2 ist eine .Net Domain seither nicht richtig erreichbar.

Lösung:

Mit Letsencrypt2 das Zertifikat komplett mit Revoke und Cancel Update entfernen.

Dann mit manuellem Create Certificate hinzugefügt.

Ihre Verbindung ist nicht privat.

Angreifer versuchen möglicherweise Ihre Informationen von readdy.net zu stehlen (z. B. Kennwörter, Nachrichten oder Kreditkarten).

NET::ERR_CERT_DATE_INVALID

Lösung:

Letsencrypt2 durchlaufen lassen

Please pick the main host, which will be presented as the subject of the certificate: 1

 

 1: readdy.net (Site 1)

 2: www.readdy.net (Site 1)

 

 Continue with this selection? (y*/n)  - yes

 

 Target generated using plugin IIS: readdy.net and 1 alternatives

 

 Requesting certificate [IIS] Readdy, (any host)

 Store with CertificateStore...

 Installing certificate in the certificate store

 Adding certificate [IIS] Readdy, (any host) @ 2021/4/12 17:11:41 to store WebHosting

 Installing with IIS...

 Prevent adding duplicate binding for *:443:Readdy.net

 Updating existing https binding www.readdy.net:443 (flags: 1)

 Committing 1 https binding changes to IIS

 Scheduled task looks healthy

 Adding renewal for [IIS] Readdy, (any host)

 Next renewal scheduled at 2021/6/6 17:11:40

 Certificate [IIS] Readdy, (any host) created

 

 N: Create certificate (default settings)

 M: Create certificate (full options)

 R: Run renewals (0 currently due)

 A: Manage renewals (8 total)

 O: More options...

 Q: Quit

Trotzdem wird auf einigen Browsern das neue Zertifikat nicht richtig erkannt

Warnung: Mögliches Sicherheitsrisiko erkannt

Firefox hat ein Problem erkannt und readdy.net nicht aufgerufen. Entweder ist die Website falsch eingerichtet oder Datum und/oder Uhrzeit auf diesem Computer sind nicht korrekt.

Das Zertifikat der Website ist wahrscheinlich abgelaufen, weshalb Firefox keine verschlüsselte Verbindung aufbauen kann. Falls Sie die Website besuchen, könnten Angreifer versuchen, Passwörter, E-Mails oder Kreditkartendaten zu stehlen.

Was können Sie dagegen tun?

Am wahrscheinlichsten wird das Problem durch die Website verursacht und Sie können nichts dagegen tun. Sie können den Website-Administrator über das Problem benachrichtigen.

A simple Windows ACMEv2 client (WACS)

 Software version 2.1.11.917 (RELEASE, PLUGGABLE, 64-bit)

 ACME server https://acme-v02.api.letsencrypt.org/

 IIS version 10.0

 Running with administrator credentials

 Scheduled task looks healthy

 Please report issues at https://github.com/win-acme/win-acme

 

 N: Create certificate (default settings)

 M: Create certificate (full options)

 R: Run renewals (0 currently due)

 A: Manage renewals (8 total)

 O: More options...

 Q: Quit

 

 Please choose from the menu: a

 

  Welcome to the renewal manager. Actions selected in the menu below will be

  applied to the following list of renewals. You may filter the list to target

  your action at a more specific set of renewals, or sort it to make it easier

  to find what you're looking for.

 

 1: [IIS] CodeDocu_com, (any host) - renewed 1 time, due after 2021/5/4 16:05:47

 2: [IIS] CodeDocu_de, (any host) - renewed 1 time, due after 2021/5/11 12:51:59

 3: [IIS] CodeDocu_de, codedocu.de - renewed 1 time, due after 2021/5/11 12:51:25

 4: [IIS] CoreFusions, (any host) - renewed 3 times, due after 2021/5/4 16:06:41

 5: [IIS] FreeHeatBox, (any host) - renewed 3 times, due after 2021/4/13 10:00:35

 6: [IIS] FreeHeatBox, (any host) - renewed 3 times, due after 2021/4/13 10:01:39

 7: [IIS] Readdy, (any host) - renewed 1 time, due after 2021/6/6 17:11:40

 8: [IIS] Rue25, (any host) - renewed 1 time, due after 2021/5/4 16:07:15

 

  Currently selected 8 of 8 renewals

 

 F: Apply filter

 S: Sort renewals

 D: Show details for *all* renewals

 R: Run *all* renewals

 U: Analyze duplicates for *all* renewals

 C: Cancel *all* renewals

 V: Revoke certificate(s) for *all* renewals

 Q: Back

 

 Choose an action or type numbers to select renewals: 7

 

  Welcome to the renewal manager. Actions selected in the menu below will be

  applied to the following list of renewals. You may filter the list to target

  your action at a more specific set of renewals, or sort it to make it easier

  to find what you're looking for.

 

 1: [IIS] Readdy, (any host) - renewed 1 time, due after 2021/6/6 17:11:40

 

 X: Reset sorting and filtering

 D: Show details for 1 of 8 renewals

 R: Run 1 of 8 renewals

 U: Analyze duplicates for 1 of 8 renewals

 C: Cancel 1 of 8 renewals

 V: Revoke certificate(s) for 1 of 8 renewals

 Q: Back

 

 Choose an action or type numbers to select renewals: v

 

 Are you sure you want to revoke the most recently issued certificate for 1 currently selected renewal? This should only be done in case of a (suspected) security breach. Cancel the renewal if you simply don't need the certificates anymore. (y/n*)  - yes

 

 Revoked certificate [IIS] Readdy, (any host) @ 2021/4/12 17:11:41

 

  Welcome to the renewal manager. Actions selected in the menu below will be

  applied to the following list of renewals. You may filter the list to target

  your action at a more specific set of renewals, or sort it to make it easier

  to find what you're looking for.

 

 1: [IIS] Readdy, (any host) - renewed 1 time, due after 2021/6/6 17:11:40, 1 error like "Certificate(s) revoked"

 

 X: Reset sorting and filtering

 D: Show details for 1 of 8 renewals

 R: Run 1 of 8 renewals

 U: Analyze duplicates for 1 of 8 renewals

 C: Cancel 1 of 8 renewals

 V: Revoke certificate(s) for 1 of 8 renewals

 Q: Back

 

 Choose an action or type numbers to select renewals: d

 

 Details for renewal 1/1

 

 Id:                  axt-vV50rkuNtdyN6Obqnw

 File:                axt-vV50rkuNtdyN6Obqnw.renewal.json

 FriendlyName:        [Auto] [IIS] Readdy, (any host)

 .pfx password:       wcv2FMDgchy8Mfk/m+EVqHm3W8x4wHIQtqL4eDndROM=

 Renewal due:         6/6/2021 5:11:40 PM

 Renewed:             1 times

 Target        -----------------------------------------------------------------

  - Plugin:           IIS - (Read site bindings from IIS)

  - Common name:      readdy.net

  - Sites:            1

  - Hosts:            All

 Validation    -----------------------------------------------------------------

  - Plugin:           SelfHosting - (Serve verification files from memory)

 Order         -----------------------------------------------------------------

  - Plugin:           Single - (Single certificate)

 CSR           -----------------------------------------------------------------

  - Plugin:           RSA - (RSA key)

 Store         -----------------------------------------------------------------

  - Plugin:           CertificateStore - (Windows Certificate Store)

 Installation  -----------------------------------------------------------------

  - Plugin:           IIS - (Create or update https bindings in IIS)

 History       -----------------------------------------------------------------

 

 1: 4/12/2021 3:11:40 PM - Success - Thumbprint 99FC393BAE9FAECC7F2FAA86E6B823208966522C

 2: 4/12/2021 3:48:11 PM - Error - Certificate(s) revoked

 

 Press <Enter> to continue

 

  Welcome to the renewal manager. Actions selected in the menu below will be

  applied to the following list of renewals. You may filter the list to target

  your action at a more specific set of renewals, or sort it to make it easier

  to find what you're looking for.

 

 1: [IIS] Readdy, (any host) - renewed 1 time, due after 2021/6/6 17:11:40, 1 error like "Certificate(s) revoked"

 

 X: Reset sorting and filtering

 D: Show details for 1 of 8 renewals

 R: Run 1 of 8 renewals

 U: Analyze duplicates for 1 of 8 renewals

 C: Cancel 1 of 8 renewals

 V: Revoke certificate(s) for 1 of 8 renewals

 Q: Back

 

 Choose an action or type numbers to select renewals: d

 

 Details for renewal 1/1

 

 Id:                  axt-vV50rkuNtdyN6Obqnw

 File:                axt-vV50rkuNtdyN6Obqnw.renewal.json

 FriendlyName:        [Auto] [IIS] Readdy, (any host)

 .pfx password:       wcv2FMDgchy8Mfk/m+EVqHm3W8x4wHIQtqL4eDndROM=

 Renewal due:         6/6/2021 5:11:40 PM

 Renewed:             1 times

 Target        -----------------------------------------------------------------

  - Plugin:           IIS - (Read site bindings from IIS)

  - Common name:      readdy.net

  - Sites:            1

  - Hosts:            All

 Validation    -----------------------------------------------------------------

  - Plugin:           SelfHosting - (Serve verification files from memory)

 Order         -----------------------------------------------------------------

  - Plugin:           Single - (Single certificate)

 CSR           -----------------------------------------------------------------

  - Plugin:           RSA - (RSA key)

 Store         -----------------------------------------------------------------

  - Plugin:           CertificateStore - (Windows Certificate Store)

 Installation  -----------------------------------------------------------------

  - Plugin:           IIS - (Create or update https bindings in IIS)

 History       -----------------------------------------------------------------

 

 1: 4/12/2021 3:11:40 PM - Success - Thumbprint 99FC393BAE9FAECC7F2FAA86E6B823208966522C

 2: 4/12/2021 3:48:11 PM - Error - Certificate(s) revoked

 

 Press <Enter> to continue

 

  Welcome to the renewal manager. Actions selected in the menu below will be

  applied to the following list of renewals. You may filter the list to target

  your action at a more specific set of renewals, or sort it to make it easier

  to find what you're looking for.

 

 1: [IIS] Readdy, (any host) - renewed 1 time, due after 2021/6/6 17:11:40, 1 error like "Certificate(s) revoked"

 

 X: Reset sorting and filtering

 D: Show details for 1 of 8 renewals

 R: Run 1 of 8 renewals

 U: Analyze duplicates for 1 of 8 renewals

 C: Cancel 1 of 8 renewals

 V: Revoke certificate(s) for 1 of 8 renewals

 Q: Back

 

 Choose an action or type numbers to select renewals: c

 

 Are you sure you want to cancel 1 currently selected renewal? (y/n*)  - yes

 

 Renewal [IIS] Readdy, (any host) - renewed 1 time, due after 6/6/2021 5:11:40 PM, 1 error like "Certificate(s) revoked" cancelled

 

  Welcome to the renewal manager. Actions selected in the menu below will be

  applied to the following list of renewals. You may filter the list to target

  your action at a more specific set of renewals, or sort it to make it easier

  to find what you're looking for.

 

 1: [IIS] CodeDocu_com, (any host) - renewed 1 time, due after 2021/5/4 16:05:47

 2: [IIS] CodeDocu_de, (any host) - renewed 1 time, due after 2021/5/11 12:51:59

 3: [IIS] CodeDocu_de, codedocu.de - renewed 1 time, due after 2021/5/11 12:51:25

 4: [IIS] CoreFusions, (any host) - renewed 3 times, due after 2021/5/4 16:06:41

 5: [IIS] FreeHeatBox, (any host) - renewed 3 times, due after 2021/4/13 10:00:35

 6: [IIS] FreeHeatBox, (any host) - renewed 3 times, due after 2021/4/13 10:01:39

 7: [IIS] Rue25, (any host) - renewed 1 time, due after 2021/5/4 16:07:15

 

  Currently selected 7 of 7 renewals

 

 F: Apply filter

 S: Sort renewals

 D: Show details for *all* renewals

 R: Run *all* renewals

 U: Analyze duplicates for *all* renewals

 C: Cancel *all* renewals

 V: Revoke certificate(s) for *all* renewals

 Q: Back

 

 Choose an action or type numbers to select renewals: <Enter>

 

 Choose an action or type numbers to select renewals: q

 

 N: Create certificate (default settings)

 M: Create certificate (full options)

 R: Run renewals (0 currently due)

 A: Manage renewals (7 total)

 O: More options...

 Q: Quit

 

 Please choose from the menu: m

 

 Running in mode: Interactive, Advanced

 

  Please specify how the list of domain names that will be included in the

  certificate should be determined. If you choose for one of the "all bindings"

  options, the list will automatically be updated for future renewals to

  reflect the bindings at that time.

 

 1: Read site bindings from IIS

 2: Manual input

 3: CSR created by another program

 C: Abort

 

 How shall we determine the domain(s) to include in the certificate?: <Enter>

 

  Please select which website(s) should be scanned for host names. You may

  input one or more site identifiers (comma separated) to filter by those

  sites, or alternatively leave the input empty to scan *all* websites.

 

 5: CodeDocu_com (2 bindings)

 4: CodeDocu_de (4 bindings)

 9: CoreFusions (2 bindings)

 10: FreeHeatBox (2 bindings)

 8: MailEnable Protocols (2 bindings)

 3: MailEnable WebAdmin (1 binding)

 2: MailEnable WebMail (1 binding)

 1: Readdy (2 bindings)

 6: Rue25 (2 bindings)

 

 Site identifier(s) or <Enter> to choose all: 1

 

 1: readdy.net (Site 1)

 2: www.readdy.net (Site 1)

 

  Listed above are the bindings found on the selected site(s). By default all

  of them will be included, but you may either pick specific ones by typing the

  host names or identifiers (comma seperated) or filter them using one of the

  options from the menu.

 

 P: Pick bindings based on a search pattern

 R: Pick bindings based on a regular expression

 A: Pick *all* bindings

 

 Binding identifiers(s) or menu option: a

 

 1: readdy.net

 2: www.readdy.net

 

 Please pick the main host, which will be presented as the subject of the certificate: <Enter>

 

 1: readdy.net (Site 1)

 2: www.readdy.net (Site 1)

 

 Continue with this selection? (y*/n)  - <Enter>

 

 Target generated using plugin IIS: readdy.net and 1 alternatives

 

 Suggested friendly name '[IIS] Readdy, (any host)', press <Enter> to accept or type an alternative: <Enter>

 

  The ACME server will need to verify that you are the owner of the domain

  names that you are requesting the certificate for. This happens both during

  initial setup *and* for every future renewal. There are two main methods of

  doing so: answering specific http requests (http-01) or create specific dns

  records (dns-01). For wildcard domains the latter is the only option. Various

  additional plugins are available from https://github.com/win-acme/win-acme/.

 

 1: [http-01] Save verification files on (network) path

 2: [http-01] Serve verification files from memory

 3: [http-01] Upload verification files via FTP(S)

 4: [http-01] Upload verification files via SSH-FTP

 5: [http-01] Upload verification files via WebDav

 6: [dns-01] Create verification records manually (auto-renew not possible)

 7: [dns-01] Create verification records with acme-dns (https://github.com/joohoi/acme-dns)

 8: [dns-01] Create verification records with your own script

 9: [tls-alpn-01] Answer TLS verification request from win-acme

 C: Abort

 

 How would you like prove ownership for the domain(s)?: <Enter>

 

  After ownership of the domain(s) has been proven, we will create a

  Certificate Signing Request (CSR) to obtain the actual certificate. The CSR

  determines properties of the certificate like which (type of) key to use. If

  you are not sure what to pick here, RSA is the safe default.

 

 1: Elliptic Curve key

 2: RSA key

 C: Abort

 

 What kind of private key should be used for the certificate?: <Enter>

 

  When we have the certificate, you can store in one or more ways to make it

  accessible to your applications. The Windows Certificate Store is the default

  location for IIS (unless you are managing a cluster of them).

 

 1: IIS Central Certificate Store (.pfx per host)

 2: PEM encoded files (Apache, nginx, etc.)

 3: PFX archive

 4: Windows Certificate Store

 5: No (additional) store steps

 

 How would you like to store the certificate?: <Enter>

 

 1: IIS Central Certificate Store (.pfx per host)

 2: PEM encoded files (Apache, nginx, etc.)

 3: PFX archive

 4: Windows Certificate Store

 5: No (additional) store steps

 

 Would you like to store it in another way too?: <Enter>

 

  With the certificate saved to the store(s) of your choice, you may choose one

  or more steps to update your applications, e.g. to configure the new

  thumbprint, or to update bindings.

 

 1: Create or update https bindings in IIS

 2: Create or update ftps bindings in IIS

 3: Start external script or program

 4: No (additional) installation steps

 

 Which installation step should run first?: <Enter>

 

 Use different site for installation? (y/n*)  - <Enter>

 

 1: Create or update https bindings in IIS

 2: Create or update ftps bindings in IIS

 3: Start external script or program

 4: No (additional) installation steps

 

 Add another installation step?: <Enter>

 

 First chance error calling into ACME server, retrying with new nonce...

 Requesting certificate [IIS] Readdy, (any host)

 Store with CertificateStore...

 Installing certificate in the certificate store

 Adding certificate [IIS] Readdy, (any host) @ 2021/4/12 17:55:24 to store WebHosting

 Installing with IIS...

 Adding new https binding *:443:Readdy.net

 Adding new https binding *:443:www.readdy.net

 Committing 2 https binding changes to IIS

 Scheduled task looks healthy

 Adding renewal for [IIS] Readdy, (any host)

 Next renewal scheduled at 2021/6/6 17:55:21

 Certificate [IIS] Readdy, (any host) created

 

 N: Create certificate (default settings)

 M: Create certificate (full options)

 R: Run renewals (0 currently due)

 A: Manage renewals (8 total)

 O: More options...

 Q: Quit

 Please choose from the menu: