We are simultaneously opening a ticket with Epicor. At 6 AM (EST) today, all of our web clients (and clients) were no longer able to connect to our on-prem Epicor server (2024.2.9).
We have valid certificates and have tried to redeploy the Application Server. We are getting the attached screen error.
Things we have tried:
Rebooting the Server
Redeploying the Application Server
Re-installing the valid SSL CERT and then redeploying.
Cert and chain are valid with GoDaddy
Note: Cert had been validated and works with our on-prem Exchange and Web Server.
As of now, we are shut down. Will be following up here and when we hear from Epicor. THANKS in advance!
Man, I feel for you. Best of luck solving it quickly!
Is there any chance that there is more than one valid cert that answers to the hostname of the server? We had something similar when I renewed a cert but failed to remove the old one immediately (overlap of valid dates and hostnames).
@MikeGross Thank you. I checked with our Sr. IT Director; he has told me that he removed all invalid certs from the server months ago. This is the only cert on this server and it is valid.
Sorry for the dumb question, but has anything changed recently?
I’ve seen a lot of TLS/SSL related errors before, but I haven’t seen one quite like this. Recently had an issue where ESET was replacing certificates for some reason. So, weird things can/do happen.
Did you check the server event log? If there was a duplicate cert, for example, that would show up there. What about checking the bindings manually in IIS? You don’t have to redeploy to change the cert if you do it via IIS.
Edit: Another thought… what’s listed in the Key Usage? At a minimum, you would need Digital Signature, Non-Repudiation, Key Encipherment, Data Encipherment.
The first thing I check is to hit the app server with https://{appServerName} without your instance. This will tell you if the cert is working at the server. If not, open the IIS Manager and make sure that the correct cert is bound to port 443.
If that’s good, then you know it’s a part of your Epicor Admin Console setup.
Thank you! We just checked the binding and you were right! For some reason the SSL binding for port 443 just disappeared? Who knows and we have no idea why. Typical answer “We did nothing to the server that would have caused this.” ha! Funny thing we have two app servers and the exact same thing happened to both servers overnight.
Thank you again! Beers around when we finally get to meet you!
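The two checks raised in this thread (is a certificate still bound to port 443 in IIS, and is there more than one currently valid certificate for the same name) can be scripted and run on each app server. The PowerShell below is an added example, not code from the thread or from Epicor; it assumes the WebAdministration module that ships with IIS and an elevated session on the server.

```powershell
# Added example: audit IIS https bindings on port 443 and the certificates behind them.
# Assumes an elevated PowerShell session on the IIS host.
Import-Module WebAdministration

$now = Get-Date

$findings = foreach ($site in Get-Website) {
    # bindingInformation has the form "IP:port:host"; match on the port field.
    $bindings = @($site.Bindings.Collection | Where-Object {
        $_.protocol -eq 'https' -and $_.bindingInformation -match ':443:[^:]*$'
    })

    if ($bindings.Count -eq 0) {
        # This is the failure found in the thread: the 443 binding was gone.
        # A site that is not meant to serve https will also land here.
        [pscustomobject]@{ Site = $site.Name; Binding = '(none)'; Status = 'NO 443 BINDING'
                           Thumbprint = $null; NotAfter = $null }
        continue
    }

    foreach ($b in $bindings) {
        $status = 'OK'
        $cert   = $null
        if ([string]::IsNullOrEmpty($b.certificateHash)) {
            $status = 'BINDING HAS NO CERTIFICATE'
        } else {
            $store = if ($b.certificateStoreName) { $b.certificateStoreName } else { 'My' }
            $cert  = Get-Item -Path "Cert:\LocalMachine\$store\$($b.certificateHash)" -ErrorAction SilentlyContinue
            if (-not $cert)                    { $status = 'CERT NOT IN STORE' }
            elseif (-not $cert.HasPrivateKey)  { $status = 'NO PRIVATE KEY' }
            elseif ($cert.NotAfter -lt $now -or $cert.NotBefore -gt $now) {
                $status = 'OUTSIDE VALIDITY PERIOD'
            }
        }
        [pscustomobject]@{ Site = $site.Name; Binding = $b.bindingInformation; Status = $status
                           Thumbprint = $b.certificateHash; NotAfter = $cert.NotAfter }
    }
}
$findings | Format-Table -AutoSize

# Currently valid certificates that share a subject (the overlap case raised in the thread).
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.NotBefore -le $now -and $_.NotAfter -ge $now } |
    Group-Object Subject |
    Where-Object Count -gt 1 |
    Select-Object Name, Count
```

Running this on a schedule and alerting on any status other than `OK` would surface a dropped binding before clients start failing.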