rekby / lets-proxy2

Reverse proxy that automatically obtains TLS certificates from Let's Encrypt
MIT License

NET::ERR_CERT_REVOKED #169

Closed adviserportals closed 2 years ago

adviserportals commented 2 years ago

All websites using lets proxy are now showing NET::ERR_CERT_REVOKED

It looks like this may be related to this thread - https://community.letsencrypt.org/t/questions-about-renewing-before-tls-alpn-01-revocations/170449/9

Apparently, Let's Encrypt revoked all certificates using TLS-ALPN-01

Is it possible to reissue the certificates using Let's Proxy?

Thanks for your assistance.

rekby commented 2 years ago

Lets-proxy can't detect certificate revocation itself, but you can:

  1. Replace lets-proxy with the latest binary from releases (very old versions used an old OID and don't work now).
  2. Drop all certificates from the cert storage folder.

Then certificates are re-issued as usual, on the first connection. Sometimes it may take an hour (if the old version tried to issue an expired/new certificate and reached the rate limit for the domain).

adviserportals commented 2 years ago

I'm using this version - https://github.com/rekby/lets-proxy2/releases/download/v0.23.14/lets-proxy_linux_amd64-go1.14.tar.gz

I assume the latest version would be lets-proxy_linux_amd64-go1.10.tar.gz ?

Do I just truncate the entire storage folder?

Thanks for your help.

rekby commented 2 years ago

Try lets-proxy_linux_amd64.tar.gz (it is compiled with the latest golang); if it will not start (on old systems), then use the version with the suffix -go1.10.

> Do I just truncate the entire storage folder?

Yes, you can. But I prefer to move the contents out of the storage folder or back it up.
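The "move out or back up" variant of step 2, as an added shell example that is not part of the original thread or of the lets-proxy project. The function name `move_out_storage` is hypothetical, the storage path is a placeholder you must take from your own configuration, and it assumes lets-proxy is not running while the files are moved.

```shell
#!/bin/sh
# Added example: move stored certificates aside instead of deleting them,
# so lets-proxy re-issues on the next connection and the old files survive.
# Assumption: lets-proxy is stopped while this runs.
# Usage: move_out_storage "<your lets-proxy cert storage folder>"

# move_out_storage <storage_dir>
# Moves every entry (dotfiles included) into a new sibling backup
# directory and prints that directory's path on stdout.
move_out_storage() {
    local storage="${1%/}" backup
    # Refuse an empty path, "/" (empty after trimming) and non-directories.
    if [ -z "$storage" ] || [ ! -d "$storage" ]; then
        echo "storage dir not found: '$1'" >&2
        return 1
    fi
    # Refuse a symlinked storage dir: the backup would land beside the
    # link rather than beside the real data.
    if [ -L "$storage" ]; then
        echo "storage dir is a symlink: '$storage'" >&2
        return 1
    fi
    backup="${storage}.revoked-backup.$(date +%Y%m%d%H%M%S)"
    # The storage holds private keys, so the backup must be owner-only.
    # mkdir without -p fails if the name exists: never merge into an old backup.
    ( umask 077; mkdir "$backup" ) || return 1
    find "$storage" -mindepth 1 -maxdepth 1 -exec mv -- {} "$backup"/ \;
    # find does not report a failed mv, so verify the folder is really empty.
    if [ -n "$(ls -A "$storage")" ]; then
        echo "some entries could not be moved from '$storage'" >&2
        return 1
    fi
    printf '%s\n' "$backup"
}
```

Once the re-issued certificates are confirmed working, delete the backup directory, since it still contains the private keys of the revoked certificates.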

adviserportals commented 2 years ago

Thanks for the info. I went for the lets-proxy_linux_amd64-go1.10.tar.gz version and removed the old storage folder.

Seems to be working so far, so thanks for your prompt response and guidance.

adviserportals commented 2 years ago

I've implemented the new version and in the main this works.

For some websites, I get the following error (see screenshot).

[Screenshot: chrome-error___chromewebdata_]

If I close Chrome and re-open then it works.

Do you have an idea why this happens and how to prevent it?

rekby commented 2 years ago

I don't have ideas right now.