2
Stuck on Generating Certificates
Problem reported by Doug Westfall - 3/1/2024 at 12:35 PM
Resolved
I am trying to implement auto certificates. I have followed the instructions on what documentation I could find. Three of my certificates have generated; however, I still have a bunch that are stuck in the Generating Certificates status. They have been stuck for days. I submitted a ticket but I cannot have users waiting on me to get this corrected while SM Support corresponds with me twice a day. Any help would be great. Thanks in advance!

17 Replies

0
John Scott Replied
You can enable an option in WHM that allows AutoSSL to replace invalid or soon-to-expire non-AutoSSL certificates. This can allow AutoSSL to generate certificates for domains stuck in Certificate Generation State.
tunnel rush
0
Doug Westfall Replied
I hope this isn't a stupid question but.....what is WHM?
0
Gabriele Maoret - SERSIS Replied
www.google.com--> WHM --> results...
Gabriele Maoret - Head of SysAdmins at SERSIS Currently manages 6 SmarterMail installations (1 in the cloud for SERSIS which provides services to a few hundred third-party email domains + 5 on-premise for customers who prefer to have their mail server in-house)
0
Sébastien Riccio Replied
I suspect John Scott is some AI spam bot.. answer is unrelated to SmarterMail and account created today.... I can be wrong though
Sébastien Riccio System & Network Admin https://swisscenter.com
0
Doug Westfall Replied
Thank you Sebastien!  This at least explains why the answer didn't make any sense.  The best I was able to find while searching (looking at you Gabriele) was that WHM was something used in CPanel (which I don't use).  I thought maybe I was missing something so I asked here.

I was able to get some of the certs to generate by totally clearing out queue & reverifying etc.  This however did not work on all my pending certs waiting to be generated.  Is there another way to clear those out?  Thanks again!
1
Zach Sylvester Replied
Employee Post Marked As Resolution
Hey guys, I think John might be talking about WHMCS, but I'm not sure how that's related to this specific issue. We have a development task escalated to look into why this is happening.
As a workaround you can do this. 

1. Detach domain.
2. Edit the domain's settings.json.
3. Remove everything in the Acme section so it just looks like this.
"acme_certs": []
4. Reattach the domain. 
5. Go to Settings->Certificates toggle on and off automated certificates. 

Kind Regards, 
Zach Sylvester System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
0
Doug Westfall Replied
Thanks Zach.  They got me fixed up!
0
Roger Replied
Hello everyone

Thanks, I've had the same problem for several weeks and Zach is working with the developers on my issue as well. I hope there will be a bugfix soon because my certificates expire in 9 days...

Greetings
0
Fatih Gülsuyu Replied
Hi,

We're experiencing a similar issue, and the Smartermail support team hasn't found a solution to this problem yet.
0
Kyle Kerst Replied
Employee Post
Hello everyone! We have some fixes and improvements coming in our upcoming release that should help on this front. Please give that a shot and let us know if you have any more trouble :-)
Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
0
Fatih Gülsuyu Replied
Hi,

I have tried the solution suggested by Zach Sylvester and it worked, however, we have approximately 900 domain names on one of our servers. It seems impractical to make this correction individually for so many domain names, unfortunately. I can try the upcoming release and share the result with you.

Best.
1
Hey Fatih. You could write a script to do it.  
Or maybe SmarterPeeps can ?
In SmarterMail CAN you do a mass (select all) detach? And then a mass reattach?
If so....
The json files appear to be just plain text files. 
Do a mass detach, then a simple ASP script that does a do loop went through every domain directory, loaded up the settings json, looked for the first occurrence of "acme_certs", then found the next "[" and then the following "]" and then rebuilt (rewrite) the settings file with just the text before "[" and the text after "]".

Heck I can see half the code already.
www.HawaiianHope.org - Providing technology services to non profit organizations, low income families, homeless shelters, clean and sober houses and prisoner reentry programs. Since 2015, We have refurbished over 11,000 Computers !
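The bulk version of the workaround from this thread, as an added example that is not part of the original posts and is not SmarterTools code: it empties "acme_certs" by text splicing, matching brackets by depth and ignoring brackets inside string values, so nested arrays do not cut the edit short. Assumptions: the function name Reset-AcmeCertsText is hypothetical, the path in $DomainsRoot is a placeholder, each domain folder holds a UTF-8 settings.json, and the first occurrence of "acme_certs" is the key itself. Run it only while the domains are detached, as in the steps above.

```powershell
# Added example. Returns the JSON text with the "acme_certs" array emptied,
# or $null when the key is not present. All other text is left untouched.
function Reset-AcmeCertsText {
    param([string]$Json)
    $m = [regex]::Match($Json, '"acme_certs"\s*:\s*\[')
    if (-not $m.Success) { return $null }
    $open = $m.Index + $m.Length - 1            # position of the opening '['
    $depth = 0; $inString = $false; $escaped = $false
    for ($i = $open; $i -lt $Json.Length; $i++) {
        $c = [string]$Json[$i]
        if ($inString) {                        # brackets inside strings do not count
            if ($escaped) { $escaped = $false }
            elseif ($c -ceq '\') { $escaped = $true }
            elseif ($c -ceq '"') { $inString = $false }
        }
        elseif ($c -ceq '"') { $inString = $true }
        elseif ($c -ceq '[') { $depth++ }
        elseif ($c -ceq ']') {
            $depth--
            if ($depth -eq 0) {                 # matching close of the acme_certs array
                return $Json.Substring(0, $open) + '[]' + $Json.Substring($i + 1)
            }
        }
    }
    throw 'No matching "]" found after "acme_certs"'
}

# Constructed sample: a nested array and a "]" inside a string value.
$sample = '{"a":1,"acme_certs":[{"hosts":["mail.example.com"],"note":"x]y"}],"b":2}'
Reset-AcmeCertsText -Json $sample

$DomainsRoot = 'C:\SmarterMail\Domains'         # placeholder: set to your domains folder
$Apply = $false                                 # $false = report only, $true = write changes
if (Test-Path -LiteralPath $DomainsRoot) {
    foreach ($dir in Get-ChildItem -LiteralPath $DomainsRoot -Directory) {
        $file = Join-Path $dir.FullName 'settings.json'
        if (-not (Test-Path -LiteralPath $file)) { continue }
        $text = [System.IO.File]::ReadAllText($file)
        $new  = Reset-AcmeCertsText -Json $text
        if ($null -eq $new -or $new -ceq $text) { continue }   # key missing or already empty
        Write-Host "$($dir.Name): acme_certs will be reset"
        if ($Apply) {
            Copy-Item -LiteralPath $file -Destination "$file.bak" -Force   # backup first
            [System.IO.File]::WriteAllText($file, $new)                    # UTF-8, no BOM
        }
    }
}
```

With $Apply left at $false the loop only lists the domains that would change; reattaching the domains and toggling automated certificates remain manual steps.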
2
Roger Replied
Hello everyone

With the latest version of SmarterMail 8832 and a few optimizations from my side, it has now worked for all domains.

I had a few bindings in IIS which did not point to the local certificate store. I wrote a PowerShell script which shows which bindings are OK (green) and which are faulty (red). Run it with PowerShell ISE.

Import-Module WebAdministration
$sites = Get-ChildItem IIS:\Sites

foreach ($site in $sites) {
    foreach ($binding in $site.bindings.Collection) {
        if ($binding.protocol -eq "https") { # Check whether the binding uses HTTPS
            $certHash = $binding.certificateHash # Extract the certificate hash, certificate store and binding information
            $certStore = $binding.certificateStoreName
            $bindingInfo = $binding.bindingInformation

            $hostname = $bindingInfo.Split(":")[2] # Extract the hostname from the binding information

            # Check whether a certificate store is set
            if ($certStore) { 
                Write-Host "Site `"$($site.Name)`" verwendet HTTPS mit Zertifikat-Speicher: $certStore und Hostname: $hostname" -ForegroundColor Green
            } else {
                Write-Host "Site `"$($site.Name)`" verwendet HTTPS ohne Zertifikat-Speicher. Hostname: $hostname" -ForegroundColor White -BackgroundColor Red
            }
        }
    }
}
1
Fatih Gülsuyu Replied
Hi,

Thanks for the advice, but SmarterTools patched this problem in the new release, and it is working now.

Best.
0
Roger Replied
Hello everyone

I wanted to ask: do you have an HTTPS binding in IIS without SNI, or what does it look like for you?
0
Rod Strumbel Replied
Is there a way to regenerate the certificates entirely? Something screwed up on mine and I had multiple entries for mail.mydomain.com. I tried cleaning them up manually in the IIS certificates and things got wonky on me. I'm now missing the certificate for mail.mydomain.com entirely, and that of course has broken my port bindings and everything else. This is just on my test server at home running the free edition. Glad I work things out there before implementing on my office enterprise version.

am on 8839
2
Rod Strumbel Replied
Think I figured it out.
For anyone running into this...

Backup your settings.json in your domain folder before starting this... just in case.

In the domain's settings.json file delete everything between the square brackets following "acme_certs":
Make sure this ends up reading
....   "acme_certs":[], ...
where the ... before and after is lots of more json coding.
Be careful you are only removing what is part of that square bracket encompassing region.
SAVE the config
[that little step I found in another post here in the Community]

Then in the web admin interface I disabled the auto certs setting
SAVE

Made sure all the certs for smartermail were removed from IIS Cert Manager
I had to manually remove smartermail.mydomain.com and webmail.mydomain.com 
Not sure if necessary, but I restarted the IIS service at this point.

Not sure if it was necessary but I restarted the SmarterMail service at this point.

Now went back into the web interface and re-enabled the AutoCerts feature.

It automatically regenerated the IIS certs and the certs in the listing of certificates in SmarterMail... and it created a new AutoCert for the mail.mydomain.com.   But, the same thing that caused this whole situation to begin with still exists.   There is a 2nd AutoCert for mail.mydomain.com in the AutoCerts listing that I can't find anywhere to remove it.   I have now just disabled it and will leave it at that.  Annoying but at least functional.
