Having a problem with let's encrypt after moving from 7.5.5 to 8.1.x

It’s acting like it’s using the old cert still, but I copied the ssl.key file to the same location as the old one. Not sure where to go, the cert has been validated, but the Ignition server keeps saying it’s old. Thx, Jake

Anyone have any ideas? I have iPhone users freaking out because they are the only ones that can’t bypass the certificate; Android and PCs can do it pretty easily. Thx, jake

Ignition 8 stores the SSL/TLS certificate in a different location: $IGNITION/webserver/ssl.pfx.

My guess is that you upgraded, your old certificate was moved/imported for you, and now you’re following the old directions for setting up SSL/TLS and it’s not working because that file isn’t used or looked at any more.

There’s a wizard in the gateway that makes this pretty easy now. Check here: Secure Communication (SSL / TLS) - Ignition User Manual 8.1 - Ignition Documentation

It’s not accepting the private key, Validation Error!
The Gateway could not validate this certificate.

I can’t seem to get the wizard to read anything. It’s asking for the private key PEM, but when I give it to it, it just says it can’t validate. Not sure where to go from here. Thx, jake

Are you sure it’s the right private key for the certificate you are uploading?

If you’re really stuck and this is important you should call support.

Yeah, it’s completely broken now, once the ssl cert was removed for the other wizard we are dead. I’ll see if I can find a support number, thx.

Tried that, we don’t have phone support and management will flip out if we have to pay for support to bug fix Ignition. Anyone else have any thoughts? Thx, jake

There should be some errors in the gateway logs from gateway.SslConfigRoutes or another logger. Can you upload your logs?

INFO | jvm 1 | 2021/06/01 12:56:30 | Caused by: java.security.cert.CertificateParsingException: signed overrun, bytes = 1820
INFO | jvm 1 | 2021/06/01 12:56:30 | at java.base/sun.security.x509.X509CertImpl.parse(Unknown Source)
INFO | jvm 1 | 2021/06/01 12:56:30 | at java.base/sun.security.x509.X509CertImpl.<init>(Unknown Source)
INFO | jvm 1 | 2021/06/01 12:56:30 | at java.base/sun.security.provider.X509Factory.parseX509orPKCS7Cert(Unknown Source)
INFO | jvm 1 | 2021/06/01 12:56:30 | at java.base/sun.security.provider.X509Factory.engineGenerateCertificates(Unknown Source)
INFO | jvm 1 | 2021/06/01 12:56:30 | at java.base/java.security.cert.CertificateFactory.generateCertificates(Unknown Source)
INFO | jvm 1 | 2021/06/01 12:56:30 | at com.inductiveautomation.ignition.gateway.ssl.CertificateUtil.decodeCertificates(CertificateUtil.java:90)
INFO | jvm 1 | 2021/06/01 12:56:30 | … 44 common frames omitted

I also went ahead and redid the cert manually. Everything checked out, except the same errors on Ignition, it’s like Ignition isn’t using cert standards anymore or something. Thx, jake

I think Ignition is expecting you to upload either PEM or DER-encoded certificates and something else is being uploaded instead.

If you want to upload your certificates (not private key, just certificates which are public info) and your logs somewhere one of us can take a quick look.

So that’s what fixed it, support called me back. Thx all, jake
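
An added example, not written by anyone in this thread and not Ignition's own code: a standard-library Python check for the case raised in the reply above, where the gateway expects PEM or DER-encoded certificates and something else is being uploaded. For each PEM block, or for a raw binary file, it reports whether the bytes have the outer structure of an X.509 certificate (a SEQUENCE of tbsCertificate, signatureAlgorithm and signatureValue per RFC 5280); the function names and the `CERT_LIKE` sample are constructed for illustration, and the check does not verify signatures, chains or key matching.

```python
import base64
import re
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
CERT_LIKE = bytes.fromhex("300730003000030100")  # constructed skeleton, not a real cert

def read_tlv(data, pos):
    """Parse one DER element at pos; return (tag, body_start, body_end)."""
    if pos + 2 > len(data):
        raise ValueError("truncated header")
    tag, first, pos = data[pos], data[pos + 1], pos + 2
    if first < 0x80:                  # short-form length
        length = first
    else:                             # long form: low 7 bits count the length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(data):
            raise ValueError("bad length field")
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    if pos + length > len(data):
        raise ValueError("element runs past end of data")
    return tag, pos, pos + length

def describe_der(data):
    """Report whether data has the outer shape of an X.509 certificate (RFC 5280)."""
    try:
        tag, pos, end = read_tlv(data, 0)
        if tag != 0x30:
            return "not a DER SEQUENCE"
        if end != len(data):
            return "DER SEQUENCE followed by %d extra bytes" % (len(data) - end)
        tags = []
        while pos < end:              # collect the tags of the top-level children
            child, _, pos = read_tlv(data, pos)
            tags.append(child)
    except ValueError as exc:
        return "malformed DER: %s" % exc
    if tags == [0x30, 0x30, 0x03]:    # tbsCertificate, signatureAlgorithm, signatureValue
        return "certificate-shaped DER"
    return "DER, but not certificate-shaped"

def classify(data):
    """Return (kind, verdict) pairs: one per PEM block, or one for raw bytes."""
    out = []
    for label, body in PEM_BLOCK.findall(data):
        try:
            verdict = describe_der(base64.b64decode(b"".join(body.split()), validate=True))
        except ValueError:
            verdict = "body is not plain base64"
        out.append((label.decode(), verdict))
    return out or [("binary", describe_der(data))]
```

Run `classify(open(path, "rb").read())` on the file before uploading it: a `PRIVATE KEY` label, or a verdict other than "certificate-shaped DER", means the file is not what a certificate field expects.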