Page 1 of 1

SSTP CA certificate option not working with Let's Encrypt

Posted: Fri Oct 01, 2021 4:20 pm
by greentea
I use Let's Encrypt certificates for my SSTP VPN server running on Windows Server 2016. Previously when LE certs were signed by DST X3 root CA (recently expired) I had the SSTP client connection set to trust certs signed by this root CA. To get this to work I combined DST X3 and the R3 intermediate CA cert into a single file (in that order) in PEM format and imported into the setting "The server's certificate must be signed by this CA" and the connection worked. With LE certs now being signed by ISRG Root X1 -> R3 chain I reissued my VPN certificate then imported a PEM file with this new cert chain in my client connection setting. However the connection always fails with error "depth: 2 error: unable to get issuer certificate (2)". I've tried switching the order of the cert chain, using just the R3 or ISRG certs only and the connection still fails. It seems that the app does not trust ISRG Root X1 but difficult to tell. Appreciate any help.

Re: SSTP CA certificate option not working with Let's Encrypt

Posted: Sat Oct 02, 2021 7:39 am
by admin
Thank you for the bug report.
The problem will be fixed in next release...

Re: SSTP CA certificate option not working with Let's Encrypt

Posted: Sat Oct 02, 2021 6:15 pm
by greentea
Thank you for the reply. I'm using the standalone SSTP client app, will this be updated?

Re: SSTP CA certificate option not working with Let's Encrypt

Posted: Mon Oct 04, 2021 8:54 am
by admin
No, I'm sorry but the old apps can't be updated anymore.

The problem has been solved in new release 1.00.92.