Let's encrypt renewal stopped working with Simply.com

certwee · February 26, 2023, 4:24pm

Have had three certificates working fine, but the other day all three returned with

Powershell/PoshACME DNS :: Error: Unable to connect to the remote server at Get-SimplyTXTRecord, C:\Program Files\CertifyTheWeb\Scripts\DNS\PoshACME\Plugins\Simply.ps1: line 225
at Add-DnsTxt, C:\Program Files\CertifyTheWeb\Scripts\DNS\PoshACME\Plugins\Simply.ps1: line 29
at <ScriptBlock>, <No file>: line 33

I’ve looked at the script and https://api.simply.com/2/ is up-and-running, so I’m a bit lost as to what the issue is. Anyone experienced this?

webprofusion · February 27, 2023, 2:10am

Hi,

Checking their endpoint using Qualsys it looks like they have pretty strict TLS and they only support TLS 1.2:
https://www.ssllabs.com/ssltest/analyze.html?d=api.simply.com&hideResults=on

This could affect communication if your server doesn’t have TLS1.2 enabled (or if a common cipher can’t be found). I’d only expect to see that on Server 2012 or lower though, which version of Windows are you using?

webprofusion · March 3, 2023, 12:21am

Looks like you got this fixed, never heard of Portmaster before but yes, firewall tools will block outgoing https as well as incoming. PoshACME\Simply.ps1 stopped working · Issue #480 · rmbolger/Posh-ACME · GitHub