Renewing Let's Encrypt certificate in AKS

Hi @flammable,

Thanks for the detailed and well outlined message!

Excitingly for your firewall, that installation instruction is out of date. As of https://app-updates.agilebits.com/product_history/SCIM#v202001 we moved to the TLS-ALPN-01 challenge for Let's Encrypt, meaning the challenge can happen with TLS enabled, rather than just on an unencrypted connection. Therefore it is fine to just have 8443/443 open on a v2.2.0+ bridge. I will file an issue to update the documentation.

Regarding the failure to update, it is plausible you may be impacted by the mass https://bugzilla.mozilla.org/show_bug.cgi?id=1751984#c20 from late January 2022. Specifically, a LetsEncrypt renewal dependency used in v2.3.0 would fail in some scenarios to auto-renew for TLS-ALPN-01 challenges. We updated that dependency for https://app-updates.agilebits.com/product_history/SCIM#v203011 (issue #1947) to fix that issue. Please try updating to v2.3.1 to see if it fixes your issue. I apologise the changelog is not more detailed on that point.

If that does not resolve your renewal issue, I would recommend https://support.1password.com/contact/?o=https%3a%2f%2fsupport.1password.com%2fscim%2f for more personalised support to dig into the details. Then we can leverage non-public details to help resolve your issue.

Let me know what further questions you have!

Graham