Decrypt config files using the expired certificate that was used to encrypt them

Standalone Orchestrator UI does not load after the SSL certificate was changed and returns an HTTP 500 error.

Issue Description: The Orchestrator server becomes inaccessible when its certificate expires. The encrypted appsettings.Production.json file can then no longer be read, which results in the breakdown of UiPath Orchestrator.

This scenario arises because the Orchestrator UiPath.Orchestrator.dll.config and the Identity appsettings.Production.json were encrypted with a certificate that later expired; setting the new certificate's thumbprint then fails, leaving Orchestrator unreachable and not functioning as expected.

Resolution:

  • Reinstall the expired certificate and decrypt the appsettings.Production.json file.


These steps allow you to enter the new certificate's thumbprint and then re-encrypt the file. The detailed steps are as follows:

  1. Reinstallation of Expired Certificate: Install the expired certificate in both the 'Personal' and 'Trusted Root' stores of the Microsoft Management Console (MMC)
  2. Certificate Selection in IIS: Navigate to 'IIS \ Sites \ UiPath Orchestrator \ Bindings' and select the expired certificate
  3. Setting the Expired Certificate Thumbprint: In the appsettings.Production.json file, set the 'Thumbprint' parameter under the 'Name' section to the expired certificate's thumbprint
  4. Web Server Restart: Execute the 'iisreset' command in a CMD or PowerShell console to restart the web server (IIS)
  5. File Decryption: Navigate to "C:\Program Files (x86)\UiPath\Orchestrator\Tools\ConfigProtector" and run the decryption command: UiPath.ConfigProtector.exe --de -f "C:\Program Files (x86)\UiPath\Orchestrator\Identity\appsettings.Production.json". Make sure you back up the file before starting this step
  6. Editing the File: After the file has been decrypted successfully, edit it and set the new certificate's thumbprint in the 'Name' section
  7. After following the above steps, Orchestrator is functional and accessible again. As a final step, re-encrypt the appsettings.Production.json file with the new certificate.
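As an added pre-check for the procedure above (example code, not UiPath's own tooling), this PowerShell script finds the certificate thumbprint referenced by the Identity appsettings.Production.json, reports whether that certificate is installed in LocalMachine\My and whether it has expired, and takes a timestamped backup before any decryption. It assumes the thumbprint stays readable in the protected file (as step 3 implies); the sample JSON layout is a constructed assumption, the function names are mine, and the file path is the one from step 5.

```powershell
# Walk the parsed JSON and collect every "Name" value that looks like a SHA-1
# thumbprint (40 hex characters), so the exact section name need not be assumed.
function Get-ConfiguredThumbprints {
    param($Node, [System.Collections.Generic.List[string]]$Acc)
    if ($null -eq $Node) { return }
    if ($Node -is [System.Management.Automation.PSCustomObject]) {
        foreach ($p in $Node.PSObject.Properties) {
            if ($p.Name -eq 'Name' -and $p.Value -is [string] -and
                $p.Value -match '^[0-9A-Fa-f]{40}$') {
                $Acc.Add($p.Value.ToUpperInvariant())
            } else {
                Get-ConfiguredThumbprints -Node $p.Value -Acc $Acc
            }
        }
    } elseif ($Node -is [System.Collections.IEnumerable] -and $Node -isnot [string]) {
        foreach ($item in $Node) { Get-ConfiguredThumbprints -Node $item -Acc $Acc }
    }
}
# Report whether the thumbprint is present in the machine Personal store and
# whether that certificate is still inside its validity period.
function Test-ConfiguredCertificate {
    param([string]$Thumbprint)
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $Thumbprint } | Select-Object -First 1
    if (-not $cert) {
        return [pscustomobject]@{ Thumbprint = $Thumbprint; Status = 'MISSING'; NotAfter = $null }
    }
    $status = if ($cert.NotAfter -lt (Get-Date)) { 'EXPIRED' } else { 'valid' }
    [pscustomobject]@{ Thumbprint = $Thumbprint; Status = $status; NotAfter = $cert.NotAfter }
}
# Constructed sample config for an offline run: the section layout is an
# assumption and the thumbprint is fake; only the certificate reference is in clear.
$sampleJson = @'
{ "SigningCredentialSettings": { "StoreLocation": {
    "Name": "0123456789ABCDEF0123456789ABCDEF01234567",
    "Location": "LocalMachine", "NameType": "Thumbprint" } } }
'@
$configPath = "C:\Program Files (x86)\UiPath\Orchestrator\Identity\appsettings.Production.json"
if (Test-Path -LiteralPath $configPath) {
    # Timestamped backup first, as the procedure requires before decrypting.
    Copy-Item -LiteralPath $configPath -Destination "$configPath.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak"
    $json = Get-Content -LiteralPath $configPath -Raw | ConvertFrom-Json
} else {
    $json = $sampleJson | ConvertFrom-Json   # no real file present: use the constructed sample
}
$found = [System.Collections.Generic.List[string]]::new()
Get-ConfiguredThumbprints -Node $json -Acc $found
$found | Sort-Object -Unique | ForEach-Object { Test-ConfiguredCertificate -Thumbprint $_ } | Format-Table -AutoSize
```

Run it in an elevated PowerShell console on the Orchestrator server; a row showing EXPIRED or MISSING confirms the situation this article describes before you touch the file.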

This Knowledge Base article has been created as a quick reference guide on how to overcome Orchestrator downtime due to an expired encryption certificate. Follow each step carefully, and always back up the files before decrypting them.