WAF not functionnal (CPGuard) after Let's Encrypt root certificate change
16 views
Skip to first unread message
yahia SETTI
Oct 3, 2021, 6:53:32 AM10/3/21
to OpenLiteSpeed Development
Hello,
I use OLS under DirectAdmin, and I use cPguard for the security of the VPS
Since October 1st 2021, (date of the Let's Encrypt root certificate change), the WAF module doesn't work anymore and the VPS can't connect to their server to get the modsecurity rules.
I updated the root certificate following the link: https://forum.directadmin.com/threads/windows-7-chrome-let%E2%80%99s-encrypt-problems.64652/#post-336442 and also the second variant of this link (https://forum.directadmin.com/threads/windows-7-chrome-let%E2%80%99s-encrypt-problems.64652/post-336508) but unfortunately, this did not solve the problem
I opened a ticket with CPGuard and after investigation, here is their answer
Seems like the OLS package is not detecting the latest updated CA bundle yet...they may be hiding something or have some internal reference for trusted CA. Please check this with the OLS support/forum because this is not something that we can fix or we do not know what is the issue with OLS. But the error really states that the SSL in rules server is not trusted which is not true and happening only because of outdated CA bundle reference.
For information, I also have another VPS that has the same configuration except for the web server (Apache+Nginx), and I don't encounter any problem (WAF module fpnctionelle)
I use OLS under DirectAdmin, and I use cPguard for the security of the VPS
Since October 1st 2021, (date of the Let's Encrypt root certificate change), the WAF module doesn't work anymore and the VPS can't connect to their server to get the modsecurity rules.
I updated the root certificate following the link: https://forum.directadmin.com/threads/windows-7-chrome-let%E2%80%99s-encrypt-problems.64652/#post-336442 and also the second variant of this link (https://forum.directadmin.com/threads/windows-7-chrome-let%E2%80%99s-encrypt-problems.64652/post-336508) but unfortunately, this did not solve the problem
I opened a ticket with CPGuard and after investigation, here is their answer
Seems like the OLS package is not detecting the latest updated CA bundle yet...they may be hiding something or have some internal reference for trusted CA. Please check this with the OLS support/forum because this is not something that we can fix or we do not know what is the issue with OLS. But the error really states that the SSL in rules server is not trusted which is not true and happening only because of outdated CA bundle reference.
For information, I also have another VPS that has the same configuration except for the web server (Apache+Nginx), and I don't encounter any problem (WAF module fpnctionelle)
Any help is welcome .
Regards
Yahia Setti
Reply all
Reply to author
Forward
0 new messages