Published 4 months ago
Topper
Updated 4 months ago
0
Hello guys,
I have a Let's Encrypt wildcard (*.mydomain.com) cert. Today I renewed it and put it in SafeLine MANUAL from the frontend. Subdomains work OK and show my cert, but SafeLine WAF stopped responding on https://myserver:9443. I tried to replace the files in nginx/cert/ but no luck.
Now the SL WAF interface shows me "ERR_SSL_VERSION_OR_CIPHER_MISMATCH"
When I challenge against localhost:443 I see my cert, but when I check against 9443 (SL WAF frontend):
```
openssl s_client -connect localhost:9443 -showcerts
CONNECTED(00000003)
140240630338880:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1552:SSL alert number 40
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 283 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
```
Respectively:
```
curl -k -f https://localhost:1443/api/open/health
curl: (7) Failed to connect to localhost port 1443: Connection refused
```
Can somebody help?
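How to read the transcript in the post above, as an added example that is not part of the original thread and not SafeLine's own tooling: `read 7 bytes` is a single TLS alert record (5-byte record header plus 2-byte alert), so together with `no peer certificate available` it means the listener refused the handshake before sending any certificate. The function and sample names are hypothetical, and the second sample is constructed for contrast.

```shell
# Classify an `openssl s_client` transcript read from stdin (added example).
# Live use: openssl s_client -connect localhost:9443 </dev/null 2>&1 | classify_s_client
classify_s_client() {
    cs_out=$(cat)
    if ! printf '%s\n' "$cs_out" | grep -q '^CONNECTED'; then
        echo "connect_failed"; return 0   # TCP connection was never established
    fi
    cs_alert=$(printf '%s\n' "$cs_out" | sed -n 's/.*SSL alert number \([0-9][0-9]*\).*/\1/p' | head -n 1)
    cs_read=$(printf '%s\n' "$cs_out" | sed -n 's/^SSL handshake has read \([0-9][0-9]*\) bytes.*/\1/p' | head -n 1)
    case "$cs_alert" in   # standard TLS alert codes
        40)  cs_name=handshake_failure ;;
        70)  cs_name=protocol_version ;;
        112) cs_name=unrecognized_name ;;
        "")  cs_name=none ;;
        *)   cs_name=other ;;
    esac
    if printf '%s\n' "$cs_out" | grep -q '^no peer certificate available'; then
        cs_state=rejected_before_certificate   # server replied with an alert only
    elif printf '%s\n' "$cs_out" | grep -q 'BEGIN CERTIFICATE'; then
        cs_state=certificate_presented
    else
        cs_state=unknown
    fi
    echo "$cs_state alert=${cs_alert:-none}($cs_name) read=${cs_read:-unknown}"
}

# Excerpt of the port 9443 transcript from the post above.
failing_sample() {
cat <<'EOF'
CONNECTED(00000003)
140240630338880:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1552:SSL alert number 40
no peer certificate available
SSL handshake has read 7 bytes and written 283 bytes
EOF
}
# Constructed transcript of a working listener, for contrast (not from the thread).
working_sample() {
cat <<'EOF'
CONNECTED(00000003)
-----BEGIN CERTIFICATE-----
(constructed placeholder, not real certificate data)
-----END CERTIFICATE-----
SSL handshake has read 4500 bytes and written 400 bytes
EOF
}

failing_sample | classify_s_client
working_sample | classify_s_client
```

A `rejected_before_certificate` result points at what the listener can negotiate with the installed certificate and key, not at whether the client trusts the certificate.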
ULemosewa
Updated 4 months ago
0
You can update the SafeLine cert here, and you should curl -k https://localhost:9443/api/open/health instead of 1443.
Topper
Updated 4 months ago
I can't access UI frontend anymore
Even tried
```
docker exec safeline-mgt app/mgt-cli reset-cert && docker restart safeline-mgt
```
ULemosewa
Updated 4 months ago
0
Try this:
```
docker exec safeline-pg psql -U safeline-ce -c "delete from mgt_options where key = 'mgt_cert';" && docker restart safeline-mgt
```
Topper
Updated 4 months ago
```
docker exec safeline-pg psql -U safeline-ce -c "delete from mgt_options where key = 'mgt_cert';" && docker restart safeline-mgt
DELETE 1
safeline-mgt
curl -k https://localhost:9443/api/open/health
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
```
ULemosewa
Updated 4 months ago
0
Could you try recreating safeline-mgt?
```
docker rm -f safeline-mgt && docker compose up -d
```
in the install dir
Topper
Updated 4 months ago
0
Yes, that works!
```
curl -k https://localhost:9443/api/open/health
{"status":"ok"}
```
But the SSL warning still exists. That (the original cert, I suppose) is it:
ULemosewa
Updated 4 months ago
0
you can update SafeLine cert here
Topper
Updated 4 months ago
0
My UI is a little bit different (an older LTS version, I suppose), but when I change it here (attached) with my cert .... the same problem appears again. I already know how to resolve that, but it is not OK though?
ULemosewa
Updated 4 months ago
0
could you provide your cert?
Topper
Updated 4 months ago
Is it safe to post it here?
I suppose the problem comes from the cert being a wildcard one: *.mydomain.com
ULemosewa
Updated 4 months ago
0
I requested a wildcard cert from Let's Encrypt and accessed the SafeLine 9443 port; all works well.
SafeLine-xb
Updated 4 months ago
0
Alternatively, you can proxy the WAF console to avoid this issue.