Overview
Some users of Kerio Connect may encounter difficulties when trying to renew or generate a Let's Encrypt certificate. The renewal fails even though port 80 is open and all other settings appear to be correct.
Solution
To resolve this issue, you need to temporarily adjust the security policy to No restriction. Here are the steps to do so:
1. Open the Kerio Connect administration interface.
2. Navigate to the Security Policy settings.
3. Change the security policy to No restriction > Apply.
4. Try to renew the Let's Encrypt certificate again. This time it should be successful.
5. Revert the change in step 3 to the previous value > Apply.
Summary
The reason for this procedure lies in the Let's Encrypt implementation, as there are some timeouts configured on the Let's Encrypt side. As a general rule of thumb, if the domain has already been authorized recently (i.e., a certificate issuance or renewal succeeded), the renewal succeeds. Otherwise, it fails unless the above steps are followed.
Always remember to change the security policy back to its original setting after the renewal process is complete.
FAQ
- What if changing the security policy to 'No restriction' doesn't solve the problem?
  If adjusting the security policy doesn't resolve the issue, it's recommended to contact Kerio Connect support for further assistance.
- Is it safe to change the security policy to 'No restriction'?
  While it's generally safe for a short period, it's important to change the security policy back to its original setting after the renewal process is complete to maintain security.
- What does the Let's Encrypt certificate do?
  Let's Encrypt is a free, automated, and open certificate authority. The SSL/TLS certificates it provides enable secure HTTPS connections for websites.