Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

Let's Encrypt Certificate Not Showing Renewed Certificate

 

Information

 

Summary:

Virtual service (VS) not using renewed Let's Encrypt certificate

Environment:

Product: LoadMaster

Version: 7.2.54

Platform: Any

Application: Any

Question/Problem Description:

A virtual service configured and using a Let's Encrypt certificate. It shows that the certificate renewed when it was supposed to, but the virtual server was still presenting the old certificate 30 days later when the old certificate eventually expired.

Steps to Reproduce: Have a Let's Encrypt certificate already issued and assigned to a VS.  Navigate to Certificate & Security > Let's Encrypt Certs.  In there, click the Renew button on the right-hand side.  After it renews, you can navigate to the web page via browsers search bar.  Click on the security settings and investigate the certificate details, the old timestamp will be showing for the expiration and not the newly renewed timestamp.
Error Message:  
Defect Number: LM-1285
Enhancement Number:  
Cause: There is an issue with the VSSLproxy process on the LoadMaster
Resolution: This is to be fixed in the .59 release of LoadMaster
Workaround:

Disable and re-enable the VS:

Within the VS, under Basic Properties deselect and re-check Activate or Deactivate Service

or

Un-assign and re-assign the certificate:

Within the VS, under SSL Properties highlight the certificate in question under "Assigned Certificates" and click the left arrow and then click "Set Certificates".  Afterwards under "Available Certificates" highlight the certificate you want to assign and click the right arrow and then click "Set Certificates"

Please take note, both of these will be service impacting and cause a few seconds of interruption.

Notes: SSL Accelerated Services – Kemp Support (kemptechnologies.com)

Comments