Categories
exacqVision Webservice Products

Let’s Encrypt Auto Renewal Fails with Redirect Enabled

Title

Let’s Encrypt Auto Renewal Fails with Redirect Enabled

Description 

If you are using Let’s Encrypt with HTTPS Redirect enabled the auto renewal can provide random internal IP addresses that fail to renew.

Product 

WebService 20.06.2.0 to current 22.03.02.0

Steps to Reproduce 

Engineering was able to Reproduce this behavior and determined that Redirect should be disabled until this is resolved.

Expected Results 

Renewal should work with HTTPS redirect enabled.

Actual Results 

Auto Renewal Fails.

Solution

If Auto Redirect is enabled then disabled it. Make sure to apply this and restart the services.
A fix will be available in the 22.06 release

See trac ticket 23194 or Jira ticket AESW-75 for additional details.

Categories
Knowledge Support Support exacqVision Webservice Categories Products

Configuring HTTPS for ExacqVision Web Service

Version 8.4 and Higher


Using the provided Web Service configuration UI you are able to configure HTTPS support.

  1. Login to the configuration Interface here: http://127.0.0.1/service.web
  2. Click on the ‘Configuration’ link in the left hand navigation bar. This will expand with more options.
  3. Click on the ‘HTTPS’ link.
  4. Click on the ‘Configure’ button.
    If you already have an SSL certificate and private key (e.g. purchased from DigiCert, Thawte, GoDaddy, etc) choose External.
    Select “Let’s Encrypt / ACME” to provision a certificate and private key automatically. NOTE: There are prerequisites that have to be met to use this option.
  5. Follow the instructions for the chosen configuration below

<br>

Configuring HTTPS using an External Certificate

IMPORTANT: Wildcard certificates cannot be uploaded through the exacqVision Web Service administration interface. However, they may be used when manually configured. See Manually Configuring HTTPS for Web Service Certificate and Key Path for details.


NOTE: Both the certificate and private key must be PEM encoded. The private key should be in RSA format.

  1. Click on the File button next to the Certificate input and select the certificate to upload.
  2. Click on the File button next to the Private Key and select the corresponding private key to upload.
  3. (Optional) If you were given a certificate chain from your certificate provider click the File button next to the Certificate Chain input and select the chain certificate to upload.
  4. Click Apply to upload the files.
  5. Follow the prompts to restart the Web Service for the changes to take effect.
  6. (Optional) Modify the External URL of your Web Service to use HTTPS.
    • This option is found under Configuration | Basic

      NOTE: If you do not see any File buttons then you are using an older browser. Instead paste the contents of each file into the large text boxes provided.

<br>

Configuring HTTPS using Let’s Encrypt / ACME Server

Please check that the following prerequisites are met before proceeding.

A. Your Web Service is configured and running on the standard port (80)
B. Your Web Service is accessible over the internet at the domain name(s) you wish to provision a certificate for.

  1. In the input under Domain Name enter the domain name you wish to provision a certificate for.
  2. (Optional) If you have any Subject Alternative Names to add to the certificate enter them into the input under Subject Alternative Name(s)
  3. Click Apply
  4. A dialog should popup with the status of your request. Provisioning a certificate may take a few minutes, please be patient.
  5. If a certificate was issued successfully follow the prompts to restart the Web Service for the changes to take effect.
    • If an error is encountered attempt to solve the underlying issue before retrying. The production Let’s Encrypt service will rate limit you if you attempt too many times in a row. See https://letsencrypt.org/docs/rate-limits/ for more information.
  6. (Optional) Modify the ExternalURL of your Web Service to use HTTPS.
    • This option is found under Configuration | Basic

<br>

Version 8.2 and Lower

Follow the instructions to manually configure HTTPS support in the Web Service.

Windows: See Article 995
Linux: See Article 946

<br>