Letsencrypt certificate auto acceptance renew on same domain?


  • Hi Friends and Devs!
    Using Letsencrypt, which renews the SSL certificate every 3 months, I would like to know if it is possible to set automatic certificate acceptance (without user intervention) by DavX when the domain is always the same,
    Perhaps limiting DavX only to a warning and not to a request for user intervention.

    This behavior (the user intervention) can cause big problems if the user is inexperienced.

    Many thanks!

    Davide

  • developer

    Hi,

    Using it with Letsencrypt is no problem (we use it ourselves) and there will be no messages if it is configured correctly. Did you

    • make sure “Distrust root certificates” is turned off (default) in DAVx⁵ settings?
    • configure the Let’s Encrypt intermediate certificate on your server?

  • @rfc2822 said in Letsencrypt certificate auto acceptance renew on same domain?:

    make sure “Distrust root certificates” is turned off (default) in DAVx⁵ settings?
    configure the Let’s Encrypt intermediate certificate on your server?

    Hi rfc2822 and thanks for your reply!
    I’ve verified “point one” and it’s ok: turned off.
    For point two, I will open a question on the Letsencrypt forum (I have a Linux VPS using Certbot+Letsencrypt); this seems the preferable way, and then I will post here. Is that right?

    Thanks again!

    Davide

  • developer

    @danjde Probably yes. You can also check your certificate on https://ssllabs.com/ssltest/, especially look at the “certificate chain”.


  • @rfc2822 said in Letsencrypt certificate auto acceptance renew on same domain?:

    chain

    Hi rfc2822 and thanks again, I’ve opened the same question on the Letsencrypt forum (related to the certificates); now we wait to see what emerges 😉
    The “certificate chain” seems ok.

    Thanks again!

    Davide


  • Hi rfc2822,
    I’m trying to investigate the matter with the help of the Let’s Encrypt forum,
    where we have compared the two certificates, and the only substantial difference we have found is that the certificate that requires user acceptance at each renewal has a 4096-bit RSA key, while the other (no user request) has the more common 2048-bit key.

    Could this be the explanation?

    Many thanks again!

    Davide

  • developer

    @danjde Very unlikely. See also in the other thread:

    I installed DAVx5 on an Android tablet from F-Droid and I was able to establish connections to both of your domains without any certificate prompt.

    That’s what I would expect.

    Did you have a look at the certificate’s details as shown by DAVx5? Is the fingerprint correct? Maybe some kind of WiFi MITM.


  • @rfc2822 said in Letsencrypt certificate auto acceptance renew on same domain?:

    …Is the fingerprint correct? Maybe some kind of WiFi MITM.

    Now I will change certbot to certbot-auto, then upgrade my two phones to Android Pie (9.0), and then repeat the procedure.
    For now, I will try to collect clues.
    I have no other ideas 🙂

    Thanks a lot for your kind help!

  • developer

    Ok, I hope that it will help in your case.
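
The two checks suggested in this thread (does the server send the intermediate, and does the fingerprint shown by the client match the server's certificate), as an added example that is not part of the original posts or of DAVx⁵. It assumes the client displays a SHA-256 fingerprint; the function names are hypothetical, and the sample bundles are constructed placeholder bytes standing in for Certbot's `cert.pem` (leaf only) and `fullchain.pem` (leaf plus intermediate).

```python
import hashlib
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL)


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint in the colon-separated form certificate dialogs show."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp: str) -> str:
    """Strip separators and case so 'ab:cd', 'AB CD' and 'abcd' compare equal."""
    return re.sub(r"[^0-9a-f]", "", fp.lower())


def inspect_bundle(pem_text: str, shown_fingerprint: str) -> dict:
    """Check the certificate file a web server is configured to send.

    Returns how many certificates it holds (1 means leaf only, so the
    intermediate is missing) and whether the first certificate (the leaf)
    matches the fingerprint the client displayed.
    """
    ders = [ssl.PEM_cert_to_DER_cert(b) for b in PEM_BLOCK.findall(pem_text)]
    if not ders:
        raise ValueError("no certificate found in bundle")
    leaf_fp = fingerprint(ders[0])
    return {
        "certificates": len(ders),
        "sends_intermediate": len(ders) > 1,
        "leaf_fingerprint": leaf_fp,
        "fingerprint_matches": normalize(leaf_fp) == normalize(shown_fingerprint),
    }


# Constructed stand-ins, not real certificates: a fingerprint is a hash over
# the DER bytes, so placeholder bytes exercise the same code path.
LEAF, INTERMEDIATE = b"constructed-leaf-der", b"constructed-intermediate-der"
CERT_ONLY = ssl.DER_cert_to_PEM_cert(LEAF)                  # like cert.pem
FULLCHAIN = CERT_ONLY + ssl.DER_cert_to_PEM_cert(INTERMEDIATE)  # like fullchain.pem

if __name__ == "__main__":
    shown = fingerprint(LEAF).lower().replace(":", " ")  # as typed from a dialog
    print(inspect_bundle(CERT_ONLY, shown))
    print(inspect_bundle(FULLCHAIN, shown))
```

A bundle reporting `sends_intermediate: False` is the misconfiguration the developer asks about; a `fingerprint_matches: False` result means the client was shown a different certificate than the one on the server.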
