LetsEncrypt doing something odd?
Craig Knights
NET::ERR_CERT_DATE_INVALID
Subject: kamarweb.mcglashan.school.nz
Issuer: R3
Expires on: 25 Oct 2021
Current date: 30 Sept 2021
Simon Wright
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CAMueQa2V7b_kDBucQ-dtETOg75jdDUNTQH03tGnGmCuDWf8%2BuQ%40mail.gmail.com.
This e-mail is intended for the addressee only and may contain information which is subject to legal privilege. This e-mail message and accompanying data may contain information that is confidential and subject to privilege. Its contents are not necessarily the official view Otago Boys’ High School or communication of the Otago Boys’ High School. If you are not the intended recipient you must not use, disclose, copy or distribute this e-mail or any information in, or attached to it. If you have received this e-mail in error, please contact the sender immediately or return the original message to Otago Boys’ High School by e-mail, and destroy any copies. Otago Boys’ High School does not accept any liability for changes made to this e-mail or attachments after sending.
David Keenleyside
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CAEJps9p%3DO6nOy4ZBPdo4_xNf_A6nLDNyzT2n4SDOnn3sRCagbw%40mail.gmail.com.
Craig Knights
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CAD9kU0avWTd2T9BSzCcFqBsJPZ9Uo0nkHH2Dv_rSOv2gRiRF%2Bw%40mail.gmail.com.
Peter Lambrechtsen
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CAMueQa0zEoRd%3DGZRWsibc%3DP1D3nKTgRp%2B2JgT6ADQ-ATeFNmqw%40mail.gmail.com.
Craig Knights
Craig Knights
Craig
Alistair Baird
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CAMueQa3Lxg0uuMzt_zOYtf-qO5wv%2BteE_tkdQPqAyMgqwXGavQ%40mail.gmail.com.
Tracy Briscoe
This morning we had problems with Macs accessing our websites, but not windows devices.
It turned out that even though the webservers had new and old certificates for the R3 Intermediate CA, http.sys (which IIS uses to actually server the web pages) had cached the old certificate and was giving that out to clients as the path to the Root CA.
To fix the problem I had to either:
- Reboot the server
- Rebind a certificate in IIS
Doing a IIS reset didn’t cause http.sys to refresh it’s cache.
It is interesting that the problem only affected Macs. I’m guessing that windows devices had cached the newer R3 intermediate CA certificate, and used that to validate our stpeters.school.nz certificate, whereas the Macs only used what had been provided to it via the webserver.
Tracy Briscoe
Senior Network and Systems Engineer
St Peter’s School, Cambridge
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CACJd5cGZSAfy3uihJxyPBf6vnFouMB7euUffEZBR%2BgrioXzWAg%40mail.gmail.com.
Note: This communication may contain privileged and confidential information intended only for the addressee named above. Any views or opinions presented are solely those of the author. If you have received this message in error, we request you delete the message and notify the sender. Please do not distribute, copy or disclose any information. This e-mail has been scanned for viruses but all liability for viruses or similar in any attachment or message is excluded.
St Peter's, Cambridge, New Zealand
Telephone: +64 7 827 9899
Website: www.stpeters.school.nz
Please consider the environment before printing this email
Craig Knights
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/779a7e6ebf934c228089b88e3834d665%40stpeters.school.nz.
Craig Knights
Craig Knights
Nick Steenson
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CAMueQa22HbYYC4rZmz1LDmMRdboGJssb5MRhhGpfkAZUeADG5A%40mail.gmail.com.
Nick SteensonIT Manager |  |
Mount Aspiring College | |
T +64 (0) 3 443 0463 (Ext 222) | A 101 Plantation Rd, Wanaka, NZ, 9305 |
Kevin Campbell
Craig Knights
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CA%2B9sU%3DSYzVEFh05AUSxWB1_X-9L8rNyboQUbFh3GvteS%3DGEw8w%40mail.gmail.com.
Peter Lambrechtsen
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CAMueQa3cT4x2vKaZDV_2GiuJmqWd%2BPFQHbK1JB6FiuLCeOJALA%40mail.gmail.com.
Alistair Baird
You may need to make sure the new X3 certificate is loaded into your root Certificate Authority chain, and ideally the self signed X1 one too:From here: https://letsencrypt.org/certificates/The self signed X1: https://letsencrypt.org/certs/isrgrootx1.derAnd New Root X3: https://letsencrypt.org/certs/trustid-x3-root.pem.txtWith those two certs loaded all weird problems should go away.
On Fri, Oct 1, 2021 at 11:24 AM Craig Knights <craig....@gmail.com> wrote:
the Filemaker-LetsEncrypt-Win-master bluefeathergroup.com one?i had it there from when i set it up in term1 holsit worked enoughcheers,Craig
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CAMueQa2V7b_kDBucQ-dtETOg75jdDUNTQH03tGnGmCuDWf8%2BuQ%40mail.gmail.com.
DISCLAIMER
This e-mail is intended for the addressee only and may contain information which is subject to legal privilege. This e-mail message and accompanying data may contain information that is confidential and subject to privilege. Its contents are not necessarily the official view Otago Boys’ High School or communication of the Otago Boys’ High School. If you are not the intended recipient you must not use, disclose, copy or distribute this e-mail or any information in, or attached to it. If you have received this e-mail in error, please contact the sender immediately or return the original message to Otago Boys’ High School by e-mail, and destroy any copies. Otago Boys’ High School does not accept any liability for changes made to this e-mail or attachments after sending.
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CAEJps9p%3DO6nOy4ZBPdo4_xNf_A6nLDNyzT2n4SDOnn3sRCagbw%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CAD9kU0avWTd2T9BSzCcFqBsJPZ9Uo0nkHH2Dv_rSOv2gRiRF%2Bw%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CAMueQa0zEoRd%3DGZRWsibc%3DP1D3nKTgRp%2B2JgT6ADQ-ATeFNmqw%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CACJd5cGZSAfy3uihJxyPBf6vnFouMB7euUffEZBR%2BgrioXzWAg%40mail.gmail.com.
Note: This communication may contain privileged and confidential information intended only for the addressee named above. Any views or opinions presented are solely those of the author. If you have received this message in error, we request you delete the message and notify the sender. Please do not distribute, copy or disclose any information. This e-mail has been scanned for viruses but all liability for viruses or similar in any attachment or message is excluded.
St Peter's, Cambridge, New Zealand
Telephone: +64 7 827 9899
Website: www.stpeters.school.nzPlease consider the environment before printing this email
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/779a7e6ebf934c228089b88e3834d665%40stpeters.school.nz.
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CAMueQa22HbYYC4rZmz1LDmMRdboGJssb5MRhhGpfkAZUeADG5A%40mail.gmail.com.
----
Nick Steenson
IT Manager
Mount Aspiring College
T +64 (0) 3 443 0463 (Ext 222)
A 101 Plantation Rd, Wanaka, NZ, 9305
W www.mountaspiringcollege.nz
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CA%2B9sU%3DSYzVEFh05AUSxWB1_X-9L8rNyboQUbFh3GvteS%3DGEw8w%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CAMueQa3cT4x2vKaZDV_2GiuJmqWd%2BPFQHbK1JB6FiuLCeOJALA%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-schools+unsub...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CACJd5cEstqBceDha9MSFaNeCByV9Kj7stPiFTaytRWD10mCchA%40mail.gmail.com.
Craig Knights
And you may need to reboot the server for good measure. Even though I had all our certs updated and FM web worked, this morning the webserver and Apps aren't working, but the clients are all happy. I'm planning a reboot Monday. Our wifi played up only for Windows clients, all others worked, but worked after a reboot. Shutting down relevant services didn't seem enough.
On Friday, 1 October 2021, Peter Lambrechtsen <pe...@crypt.nz> wrote:
You may need to make sure the new X3 certificate is loaded into your root Certificate Authority chain, and ideally the self signed X1 one too:From here: https://letsencrypt.org/certificates/The self signed X1: https://letsencrypt.org/certs/isrgrootx1.derAnd New Root X3: https://letsencrypt.org/certs/trustid-x3-root.pem.txtWith those two certs loaded all weird problems should go away.
On Fri, Oct 1, 2021 at 11:24 AM Craig Knights <craig....@gmail.com> wrote:
the Filemaker-LetsEncrypt-Win-master bluefeathergroup.com one?i had it there from when i set it up in term1 holsit worked enoughcheers,Craig
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CAMueQa2V7b_kDBucQ-dtETOg75jdDUNTQH03tGnGmCuDWf8%2BuQ%40mail.gmail.com.
DISCLAIMER
This e-mail is intended for the addressee only and may contain information which is subject to legal privilege. This e-mail message and accompanying data may contain information that is confidential and subject to privilege. Its contents are not necessarily the official view Otago Boys’ High School or communication of the Otago Boys’ High School. If you are not the intended recipient you must not use, disclose, copy or distribute this e-mail or any information in, or attached to it. If you have received this e-mail in error, please contact the sender immediately or return the original message to Otago Boys’ High School by e-mail, and destroy any copies. Otago Boys’ High School does not accept any liability for changes made to this e-mail or attachments after sending.
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CAEJps9p%3DO6nOy4ZBPdo4_xNf_A6nLDNyzT2n4SDOnn3sRCagbw%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CAD9kU0avWTd2T9BSzCcFqBsJPZ9Uo0nkHH2Dv_rSOv2gRiRF%2Bw%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CAMueQa0zEoRd%3DGZRWsibc%3DP1D3nKTgRp%2B2JgT6ADQ-ATeFNmqw%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CACJd5cGZSAfy3uihJxyPBf6vnFouMB7euUffEZBR%2BgrioXzWAg%40mail.gmail.com.
Note: This communication may contain privileged and confidential information intended only for the addressee named above. Any views or opinions presented are solely those of the author. If you have received this message in error, we request you delete the message and notify the sender. Please do not distribute, copy or disclose any information. This e-mail has been scanned for viruses but all liability for viruses or similar in any attachment or message is excluded.
St Peter's, Cambridge, New Zealand
Telephone: +64 7 827 9899
Website: www.stpeters.school.nzPlease consider the environment before printing this email
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/779a7e6ebf934c228089b88e3834d665%40stpeters.school.nz.
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CAMueQa22HbYYC4rZmz1LDmMRdboGJssb5MRhhGpfkAZUeADG5A%40mail.gmail.com.
----
Nick Steenson
IT Manager
Mount Aspiring College
T +64 (0) 3 443 0463 (Ext 222)
A 101 Plantation Rd, Wanaka, NZ, 9305
W www.mountaspiringcollege.nz
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CA%2B9sU%3DSYzVEFh05AUSxWB1_X-9L8rNyboQUbFh3GvteS%3DGEw8w%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CAMueQa3cT4x2vKaZDV_2GiuJmqWd%2BPFQHbK1JB6FiuLCeOJALA%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CACJd5cEstqBceDha9MSFaNeCByV9Kj7stPiFTaytRWD10mCchA%40mail.gmail.com.
--
--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CAKQ0vHqAf0UErcX9KTyodyU8Mb%3DXws2pgXDJfXyeFSk5jUSMgQ%40mail.gmail.com.
Tracy Briscoe
Yes I had phase two this morning.
The Lets Encrypt Root Certificate is in Microsoft’s online CA store, which Windows will automatically download trusted CA certificates from.
The problem was that we follow best practice, and don’t give our servers unlimited Internet access, and hence our servers hadn’t downloaded and trusted ‘ISRG Root X1’ as a Root CA.
When I restarted our reverse proxy server the AD FS proxy wouldn’t come up until I manually added ISRG Root X1 to the trusted CA store.
Not the problem I wanted to come into today.
Regards,
Tracy Briscoe
Senior Network and Systems Engineer
St Peter’s School, Cambridge
From: techies-f...@googlegroups.com <techies-f...@googlegroups.com>
On Behalf Of Peter Lambrechtsen
Sent: Thursday, 30 September 2021 10:18 am
To: techies-f...@googlegroups.com
Subject: Re: [techies-for-schools] LetsEncrypt doing something odd?
I suspect a lot of the internet will have problems with this once the certificate expires in the next few hours.
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CACJd5cGZSAfy3uihJxyPBf6vnFouMB7euUffEZBR%2BgrioXzWAg%40mail.gmail.com.
Jake Wills
Craig Knights
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/0015280b-d355-4233-889d-9f72800b1fa0n%40googlegroups.com.
Jake Wills
You received this message because you are subscribed to a topic in the Google Groups "Techies for schools" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/techies-for-schools/F5Le9nmphFc/unsubscribe.
To unsubscribe from this group and all its topics, send an email to techies-for-sch...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CAMueQa0cApXWCtEHVmyy1DdGjP959tGNkYuf0ZH0FnrufZ1hcg%40mail.gmail.com.
Craig Knights
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CAMCfOrwFyXpCp5ve%2BPOfWrh5TL0gMWok9EFqnS0ghkwSmOA7mQ%40mail.gmail.com.
David Keenleyside
To view this discussion on the web visit https://groups.google.com/d/msgid/techies-for-schools/CAMueQa2%2BVSiiiUQx3uWdrdcFrUOfjGfaj-GMgAJt-1i6ZCDZag%40mail.gmail.com.