Today I had to reenter our DNS API credentials, because Certify can no longer decrypt them. I re-entered the same details as last time and it is working again. This has happened several times now.
What could be causing this problem? How can I prevent it?
Thanks,
Paul
Currently on v5.5.2.0, but also happened on previous versions.
Hi Paul,
We use the Windows Data Protection APIs to encrypt data. The data is encrypted against the service account user of the Certify service, which by default is Local System.
Running the service as a different user is not officially supported (currently). If you change the Certify service to run as a different user you must also set this back this after every update (as the installer will reset the service user to Local System). One windows user cannot decrypt the data for another windows user.
In addition certain changes to windows (resetting data protection keys or forcefully resetting the service users password) with prevent information being decrypted. This will affect stored credentials and the ACME account details (Let’s Encrypt etc).