OldManIslander
-
Joined: 04 Jan 2022
Posts: 11
Location: Guam
|
 Posted: Tue Jan 04, 2022 2:07 am Post subject: Why Do macOS Updates Break Let's Encrypt SSL Certificates? |
 |
|
While I have privately written to the Aprelium support team on previous occasions regarding this issue, I wanted to post something publicly here in this support forum to see what kind of feedback I get. Perhaps someone here can offer me a permanent solution to this ongoing problem.
For starters, I am running the very latest version of Abyss Web Server -- Abyss Web Server X2 2.16.0.2 -- on a 2017 27" 5K iMac, currently running macOS Monterey 12.1.
The "SSL/TLS Certificates" section of the Abyss Web Server Console is properly configured and is working properly, and has been working properly for many months now.
However, there is a problem. It seems that every time I upgrade macOS to the latest version, for some reason, it is breaking, or corrupting, or something, my ACME Bot SSL certificates from Let's Encrypt, so that I cannot connect to either my main website, or to my social network -- both of which are set up on Abyss Web Server -- because Firefox throws me the usual security issue warning.
This morning I updated the iMac from macOS Montery 12.0.1 to Monterey 12.1. Immediately afterwards, the aforementioned problem happened again. In fact, according to my records, this is the 4th time now that this problem has occurred, and it always happens right after a macOS update.
To date, I have found only one way to recover from this problem. I know that it is probably not the proper way to do it, but I need to get my websites back up and running as quickly as possible, before too many visitors are turned away.
Following an old post -- which is a sticky on this site -- what I have been doing is the following:
1. Shut down Abyss Web Server
2. Delete the two certificates in Abyss Web Server/kcstore which terminate with "acme.crt".
3. Shut down my iMac completely.
Note: In other words, not just a restart, but a cold shutdown of the machine. Also, just restarting Abyss Web Server does not fix the problem.
4. Reboot iMac.
5. Wait for Abyss Web Server to automatically relaunch, because it is a Startup Item.
6. Wait for two new "acme.crt" certificates to be generated in Abyss Web Server/kcstore.
Even then, it can still take up to a few hours for the security error to disappear from Firefox.
So two questions:
1. Why does this keep happening with every single macOS update?
2. Is there an easier, more proper way to permanently resolve this issue?
Additional Notes:
1. I only have one copy of Abyss Web Server installed on my iMac. However, I do have two external USB backup drives which have complete backups of my entire internal hard drive. I back up my internal hard drive twice daily using CCC.
2. There is only one "abyss.conf" file at the top level of the "Abyss Web Server" folder.
3. On Sept. 14, 2021, the AWS support team requested that I email them a copy of my abyss.conf file so that they could examine it. I did so the following day on Sept. 15, 2021. I never received a response from them regarding whether or not they found anything unusual in the file which might be causing the aforementioned problem. However, it is possible that Google's aggressive spam filters prevented me from receiving a response from the AWS support team.
_________________
Kind Regards from Guam in the Mariana Islands
Last edited by OldManIslander on Wed Jan 05, 2022 7:52 am; edited 1 time in total |
|
