0

I’m in the process of provisioning a new server to host customer web sites. We migrated to SolidCP from WSP when 1.3.0 was released and that process went smoothly. This new server is running Windows Server 2016 and we are not using centralized SSL certificate store.

Almost everything appears to be working properly, but I’m having a strange issue with LetsEncrypt. I ran a series of tests to try to determine what may be happening.

I created a new website in SolidCP and made sure that DNS was propagated and working properly. I then tried to issue a certificate using the LetsEncrypt “Install Certificate” button on the SSL tab.

At first glance, this process appeared to work. A new certificate for the site appeared in the Web Hosting certificate store. SolidCP reported that the certificate was installed. However, the “Installed Certificate” tab did not appear in the interface. I clicked away from the web site in SolidCP and went back in and clicked the SSL tab. There was an existing certificate detected, which appeared when I imported it.

However, on this first attempt, the site was stopped because when Lets Encrypt added the SSL bindings to the site, it used SNI with 0.0.0.0:443 for each of the host headers.

I noticed that during the enrollment process, the app pool for SolidCP Server recycled due to high virtual memory usage, so I deleted the certificate and tried again with the same result (The pool didn’t recycle this time).

The site’s HTTP bindings were to *:80:<host header>. I changed the bindings on the site through IIS manager to the proper NAT IP address for our server and tried again. This time, the certificate installed, and LetsEncrypt set up bindings for <IP Address>:443 for each of the host headers. SolidCP still did not display the installed certificate, I had to go out and back in and import it for the certificate to show up on the SSL tab.

It appears that the LetsEncrypt client is using 0.0.0.0 to build its bindings when it sees bindings on a site for “All Unassigned”. I currently have this server configured

Have others experienced the same issue? I’d sure like to have this functionality available for customers, but want to make sure that it works without any weird problems.

Does anybody have any thoughts on what may be going wrong here?

Answered question