-
-
Notifications
You must be signed in to change notification settings - Fork 809
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to store certificate: Access is denied. #1350
Comments
Hi @bret-miller, would you please run |
Hi @WouterTinus, I ran it and found that it does exist. So I'm guessing "Access is denied." is the clue here. Do you have any idea how to update the permissions? I guess I can try to Google it... |
It's mysterious why you wouldn't be able to access this store as an administrator. Strangly the error doesn't occur when opening the store, but when adding the certificate. That might just mean that the framework doesn't actually open the store until it's used, but maybe also that the add call fails (trying to overwrite something that is restricted? some group policy?) In any case I think it shouldn't be a fatal exception. The next release at least shouldn't crash on it anymore. You might end up with a broken certificate chain though, but that can be worked around by installing Let's Encrypt's intermediate certificate manually. |
Thank you. Perhaps you're right about overwriting something. The certificate is already there. At least if doesn't crash, it'll renew properly with the scheduled job rather than requiring manual intervention. |
Interesting, did you add that yourself or was that done by the program (or a previous version?) Is there maybe another admin account using the system that used the program? |
There are multiple admin accounts and it's possible it could have been a different account. I don't think I added it manually. |
I deleted the intermediate certificate that was causing the error and reissued the certificates on this server. That got me around the error. I've also updated the user on the scheduled task to match the user that created the certificates. |
It must have been a permission issue then, but I've never seem something like that before. Anyway I'm glad you were able to resolve it! |
wacs.exe no tiene permisos para guardar certificados en la carpeta de Entidades de certificación raíz de confianza y da error |
wacs.exe No se puede almacenar el Certificado acceso denegado. Me podrían ayudar a resolver este problema |
I have the same issue, resolved by remove all files in programdata\win-acme and re-import renewals. |
O used an older version and worked fine, latest win-acme.v2.2.2.1447.x64.pluggable has a bug.... |
I think the latest version win-acme.v2.2.2.1447.x86.pluggable.zip has bug. While a version before (win-acme.v2.2.1.1434.x64.pluggable.zip) |
I got this too. PEM export worked fine however and that's my primary method. |
For anyone running into this, please share the disk log from %ProgramData%\win-acme as it shows much more detail than the screen log. |
Hope this helps.
|
I confronted the same problem after upgrade. My logs is same as 12e1121's above. My environments:
Unexpected discovery, Hope these informations would give you some idea :) |
Thanks for all the input! With your help I was able to quickly find the issue and fix it. I've just created a new release 2.2.2.1 that contains the fix. |
Running on Windows Server 2019 with IIS, creating a new certificate fails to store the certificate so automatic renewals do not happen.
To Reproduce
Expected behavior
Expected it to authorize, request a new certificate, apply it to all appropriate bindings, and schedule it for renewal
Log
[INFO] Target generated using plugin IIS: swupd2019.hq.gci.org and 1 alternatives
[INFO] Authorize identifier: swupd.hq.gci.org
[INFO] Cached authorization result: valid
[INFO] Authorize identifier: swupd2019.hq.gci.org
[INFO] Cached authorization result: valid
[INFO] Requesting certificate [IIS] site 1422078766 (any host)
[INFO] Store with CertificateStore...
[INFO] Installing certificate in the certificate store
[INFO] Adding certificate [IIS] site 1422078766 (any host) 2020/1/15 9:09:47 to store WebHosting
[EROR] Error saving certificate to intermediate store
[EROR] (WindowsCryptographicException) Unable to store certificate: Access is denied.
[EROR] Create certificate failed: Store failed: Access is denied.
Platform:
The text was updated successfully, but these errors were encountered: