SSTP CA certificate option not working with Let's Encrypt

Support requests about VPN Client Pro
Post Reply
greentea
Posts: 2
Joined: Fri Oct 01, 2021 4:04 pm

SSTP CA certificate option not working with Let's Encrypt

Post by greentea »

I use Let's Encrypt certificates for my SSTP VPN server running on Windows Server 2016. Previously when LE certs were signed by DST X3 root CA (recently expired) I had the SSTP client connection set to trust certs signed by this root CA. To get this to work I combined DST X3 and the R3 intermediate CA cert into a single file (in that order) in PEM format and imported into the setting "The server's certificate must be signed by this CA" and the connection worked. With LE certs now being signed by ISRG Root X1 -> R3 chain I reissued my VPN certificate then imported a PEM file with this new cert chain in my client connection setting. However the connection always fails with error "depth: 2 error: unable to get issuer certificate (2)". I've tried switching the order of the cert chain, using just the R3 or ISRG certs only and the connection still fails. It seems that the app does not trust ISRG Root X1 but difficult to tell. Appreciate any help.
admin
Site Admin
Posts: 810
Joined: Fri Feb 15, 2019 4:04 pm
Contact:

Re: SSTP CA certificate option not working with Let's Encrypt

Post by admin »

Thank you for the bug report.
The problem will be fixed in next release...
greentea
Posts: 2
Joined: Fri Oct 01, 2021 4:04 pm

Re: SSTP CA certificate option not working with Let's Encrypt

Post by greentea »

Thank you for the reply. I'm using the standalone SSTP client app, will this be updated?
admin
Site Admin
Posts: 810
Joined: Fri Feb 15, 2019 4:04 pm
Contact:

Re: SSTP CA certificate option not working with Let's Encrypt

Post by admin »

No, I'm sorry but the old apps can't be updated anymore.

The problem has been solved in new release 1.00.92.
Post Reply