Let's Encrypt revocations

Mike Cohen

unread,

Jan 30, 2022, 6:42:39 PM1/30/22

to velociraptor-discuss

Hi Velociraptor users,

We received reports this morning that some users are experiencing Let's Encrypt Certificate revocations as discussed here

https://community.letsencrypt.org/t/2022-01-25-issue-with-tls-alpn-01-validation-method/170450

We previously did not anticipate this issue affecting us as we do not use ALPN-01 validation but it seems that some certificates were revoked regardless. If you are experiencing a "Certificate is Revoked" messages in the GUI then you can follow the following steps to rectify it:

1. Stop the velociraptor service:

sudo systemctl stop velociraptor_server

2. Remove the old cert files - here /opt/velociraptor should be your data store directory and test.velocidex-training.com is your domain name

sudo rm /opt/velociraptor/test.velocidex-training.com

3. Start the velociraptor service again:

sudo systemctl start velociraptor_server

This should automatically reissue the cert.

Note that certificate revocation will only affect the GUI for sites using let's encrypt (autocert). The client communication should not be affected since clients do not use public revocation lists (CRLs).

Sites using self signed certificates are not affected at all.

Thanks

Mike

Mike Cohen
Digital Paleontologist,
Velocidex Enterprises

M ‭+61 470 238 491‬

E mi...@velocidex.com

Xavier Mertens

unread,

Nov 30, 2022, 6:43:24 AM11/30/22

to velociraptor-discuss

I have my certificate expired:

velociraptor.bin: error: frontend: starting frontend: x509: certificate has expired or is not yet valid: current time 2022-11-30T11:41:26Z is after 2022-10-18T14:00:04Z

I tried to delete the file form /opt/velociraptor/ like I did multiple times and today... does not work!?

Any tip?

/x

Mike Cohen

unread,

Nov 30, 2022, 6:54:10 AM11/30/22

to Xavier Mertens, velociraptor-discuss

This is unlikely to be the lets encrypt certificate because they automatically renew - probably your velociraptor certs are expired

See this https://docs.velociraptor.app/knowledge_base/tips/rolling_certificates/

Thanks

Mike

Mike Cohen
Digital Paleontologist,
Velocidex Enterprises

E mi...@velocidex.com

--
You received this message because you are subscribed to the Google Groups "velociraptor-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to velociraptor-dis...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/velociraptor-discuss/1f056bc0-8724-4f9f-befd-fbc1e59a481an%40googlegroups.com.

Xavier Mertens

unread,

Nov 30, 2022, 7:10:22 AM11/30/22

to velociraptor-discuss

Yeah, my bad! I renewed it... Sorry for the noise, still fighting with my "labels" issue :(

Reply all

Reply to author

Forward