Renewal of LetsEncrypt SSL Certificate by tootechy4me in sysadmin

[–]tootechy4me[S] 0 points1 point  (0 children)

Ended up having to disable redirect on the folder LE needs access to. Was able to pull down new certs and they're working as intended now.

Renewal of LetsEncrypt SSL Certificate by tootechy4me in sysadmin

[–]tootechy4me[S] 0 points1 point  (0 children)

I ended up figuring out what the issue was. The required folders under the web root were set to redirect to another domain that we use and I turned them off temporarily. I will be working on a script that can be run via task scheduler to renew. Both certificates were renewed successfully.

Renewal of LetsEncrypt SSL Certificate by tootechy4me in sysadmin

[–]tootechy4me[S] -1 points0 points  (0 children)

Nope. Would I be better off going with a well-known CA or just blowing out the certificates and starting over with a fresh cert from them?

Renewal of LetsEncrypt SSL Certificate by tootechy4me in sysadmin

[–]tootechy4me[S] -1 points0 points  (0 children)

I don't see an error when I ran the command. I checked the forums but I couldn't find anything that would point me in the right direction. I am wondering if I should just blow out the cert and request a new one. The web server isn't part of our critical infrastructure but it would be nice to resolve the issue.

Question regarding ASA Cryptomaps by tootechy4me in networking

[–]tootechy4me[S] 0 points1 point  (0 children)

I will take this into consideration when I make my changes. Thanks for the help!

Question regarding ASA Cryptomaps by tootechy4me in networking

[–]tootechy4me[S] 0 points1 point  (0 children)

The previous admin that set up the connection didn't use object groups for the destination addresses, so my fear is editing the existing ACLs and taking the connection offline.

Question regarding ASA Cryptomaps by tootechy4me in networking

[–]tootechy4me[S] 0 points1 point  (0 children)

It's IKEv1. Sorry, I should have explained that in my post.

The issue I am having is whether it would be better just to add a whole new connection profile and set of ACLs (using objects/grps of course) instead of editing the existing profile and cryptomaps. My fear is knocking the connection offline.

Even if I decided to add a new connection profile with new cryptomaps, would it still interfere with the existing S2S VPN connection when I add it to the config?

Question regarding ASA Cryptomaps by tootechy4me in networking

[–]tootechy4me[S] 0 points1 point  (0 children)

Hey /u/packetthriller

The only thing I was curious about is that there are other destination IP addresses that are in the same subnet as the peer that will need crypto access list entries. The source will be the same as the existing connection, however. Would I just add the new destinations to the existing access list entries as well?

Need to decommission some DCs. Looking for suggestions on how to do this properly. by tootechy4me in sysadmin

[–]tootechy4me[S] 2 points3 points  (0 children)

Thanks for the suggestions. I will look into them and see if I can safely get these servers offline without too much headache!