Lets Encrypt Certificate - Issuing Failed

Hello Everyone,

first time parallels user her and really hyped to get away from citrix!
We did a PoC and try to Issue a Certificate via Lets Encrypt. Our Network Team told me that the prequistes are met. (port 80/443 are open)
I received the following error:



CertSettings
AcmeExpiryPeriod: '1074122422' → '30'
CertAcmeChallenges
item_0
AcmeChallengeType: '1'
AcmeTokenContents: 'FpRf0ysUKGgD8jmn3aAhnSpS8yb1njSHfw9O6yG7v0M.4itq8rHZlFem0AFQvFTl6BBUfQP4BxarheZehqmPGtE'
ID: '0'
CertAcmeStatus: '4' → '0'
CertCommonName: '<external URL>' → ''
CertFingerprint: '788A8736E4D1B03B0B3566C77F41CB53' → ''
CertKeysize: '2' → '1'
CertName: '<external URL>' → ''
CertPublicKey: '-----BEGIN CERTIFICATE REQUEST-----<Request>----END CERTIFICATE REQUEST-----' → ''
CertStatus: '5' → '2'
CertType: '3' → '0'
CertUsage: '4' → '6'

any ideas where to look? :/

 

Hi TobiasS22,
Correct, from a network standpoint port 80 is required for Lets Encrypt to fetch the challenge. Please make sure that port 80 is also enabled from the Gateway settings Farm>Secure Gateway>Properties>Network. For additional security you can also check "Only allow Let's Encrypt verification". It is also important to check if there are any redirects or reverse proxies that could break the challenge URL, and that the domain is public and match the URL users hit (confirm that you are using a publicly resolvable FQDN that points to your gateway).
Please see here for general config: https://kb.parallels.com/en/128964
If issues persist would suggest to open support ticket directly and support team can assist you with this config: https://kb.parallels.com/en/124650