No bindings have been changed

[fatihkizmaz]

IIIS Bindings Problem

At version 1.9.12.0 executable does not add https bindings for iis automatically when i create a new certificate in interactive mode.
It shows a warning: "No bindings have been changed"

I returned to version: 1.9.11.2 and problem disappeared.

[diaphoni]

Same issue here with same version 1.9.12.0 on Windows 2016 server.
Everything runs fine, except installing the certificate in IIS.
[WARN] No bindings have been changed
It happens both when adding new or renewing.

[WouterTinus]

Thanks for reporting this; I've added a note of caution to the 1.9.12.0 release pending investigation of this issue.

[pv2b]

Not sure if this is the exact same bug but this is broken for me in a similar way v1.9.12.1.

In my scenario, I was testing with a staging certificate which is still in place in IIS, even after trying to force a renewal:

PS C:\Users\Administrator> C:\win-acme\letsencrypt.exe

 [INFO] A Simple ACME Client for Windows (WACS)
 [INFO] Software version 1912.1.6872.39942 (RELEASE)
 [INFO] IIS version 7.5
 [INFO] ACME server https://acme-v01.api.letsencrypt.org/
 [INFO] Please report issues at https://github.com/PKISharp/win-acme

 N: Create new certificate
 M: Create new certificate with advanced options
 L: List scheduled renewals
 R: Renew scheduled
 S: Renew specific
 A: Renew *all*
 V: Revoke certificate
 C: Cancel scheduled renewal
 X: Cancel *all* scheduled renewals
 Q: Quit

 Please choose from the menu: s

 1: example.net - renew after 2018-12-25 8:55:23
 C: Cancel

 Which renewal would you like to run?: 1

 [INFO] Renewing certificate for example.net
 [INFO] Authorize identifier: example.net
 [INFO] Cached authorization result: valid
 [WARN] Using cached certificate for example.net 2018-10-31 9:56:42 . To force issue of a new certificate wi
thin 24 hours, delete the .pfx file from the CertificatePath or run with the --forcerenewal switch. Be ware that you mig
ht run into rate limits doing so.
 [WARN] Certificate with thumbprint <REDACTED> is already in the store
 [INFO] Installation step 1/2: IIS...
 [INFO] Updating existing https binding :443
 [WARN] No bindings have been changed
 [INFO] Installation step 2/2: Manual...
 [INFO] Script C:\win-acme\scripts\InstallRedacted.bat starting...
 [INFO]
C:\Users\Administrator>net stop RedactedServiceName
Tjänsten RedactedServiceName stoppas.
Tjänsten RedactedServiceName stoppades.


C:\Users\Administrator>net start RedactedServiceName
Tjänsten RedactedServiceName startar.
Tjänsten RedactedServiceName är igång.


 [INFO] Renewal for example.net succeeded
 [INFO] Next renewal scheduled at 2018-12-25 8:56:47

 N: Create new certificate
 M: Create new certificate with advanced options
 L: List scheduled renewals
 R: Renew scheduled
 S: Renew specific
 A: Renew *all*
 V: Revoke certificate
 C: Cancel scheduled renewal
 X: Cancel *all* scheduled renewals
 Q: Quit

 Please choose from the menu:

This is Windows Server 2008 R2, with IIS 7. There is only a single web site named Default Web Site. There is only a single https binding set up as per:

Type: https
IP-address: All non-assigned
Port: 443
SSL-certificate: (the wrong certificate)

It doesn't matter if I try changing from the staging LE cert to some random self-signed cert, it still won't change it over.

Current workaround in place: Manually select the correct certificate after renewal.

[WouterTinus]

I think you've hit an edge case with the default binding, I will investigate.

[WouterTinus]

This edge case should also be fixed in the next release.