Hi Velociraptor users,
We received reports this morning that some users are experiencing Let's Encrypt Certificate revocations as discussed here
We previously did not anticipate this issue affecting us as we do not use ALPN-01 validation but it seems that some certificates were revoked regardless. If you are experiencing a "Certificate is Revoked" messages in the GUI then you can follow the following steps to rectify it:

1. Stop the velociraptor service:
sudo systemctl stop velociraptor_server
2. Remove the old cert files - here /opt/velociraptor should be your data store directory and
test.velocidex-training.com is your domain name
3. Start the velociraptor service again:
sudo systemctl start velociraptor_server
This should automatically reissue the cert.
Note that certificate revocation will only affect the GUI for sites using let's encrypt (autocert). The client communication should not be affected since clients do not use public revocation lists (CRLs).
Sites using self signed certificates are not affected at all.
Thanks
Mike
| Mike Cohen Digital Paleontologist, Velocidex Enterprises |
| | | | |
|
|