-
-
Notifications
You must be signed in to change notification settings - Fork 801
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
letsencrypt.exe installs cert pfx into IIS but crashes doing the binding #2
Comments
Good idea with the manifest. I'll get that done. I thought I had fixed the error your seeing with the 1.0 build that I released yesterday. Can you confirm you're using the latest release. As a workaround to the problem you can manually add an https binding in IIS manager. The error doesn't seem to happen when it updates a binding, just on creating a new one. |
I'm getting the same error with version 1.0
|
Do you already have a different https binding setup on the same IP address? |
@lone-coder: There is nothing else bound to https on this particular server, no conflicts. |
I've found the problem and will be creating a new build soon. The certs are Yes. I'm Bryan. The paths shown are debug info to line numbers in the On Sat, Nov 14, 2015 at 4:30 PM, amlynnworth notifications@github.com
|
Okay. This should be fixed now. Give the new 1.1 release a try. Man that was some really bad error messages coming from Microsoft. I was getting the same errors in IIS manager. Only clue I found was in the event viewer. |
Certificates are now being added correctly to the 'Server Certificates' and also to the website bindings. Do you have something in place to remove old certificates after they have expired? I have not delved into the source code yet. |
I don't think I'll ever delete old certs. We have no guarantee they still aren't being used somewhere. I did start adding timestamps to the names so that we can tell them apart better. |
@lone-coder Wow! Version 1.1 worked perfectly and very quickly for me. |
Second test of 1.1 was a little trickier but worked in the end. |
Third test, this time on a Win8.1 system: perfect. It took longer to download and unzip than to request the cert and confirm it was working. i.e. super easy. Great work. |
Hi @amlynnworth, thanks for the great feedback. I've added a prompt to handle crashes better. Will be nice if renews fail to pop up and wait so user can know. On the mime type. I've mostly convinced the ACME team to switch to .txt files to avoid that problem and others. Not sure when server change will happen. Also, I'm checking the SNI box by default now on IIS 8. |
FYI I just got this error with 1.6. "System.ComponentModel.Win32Exception (0x80004005): A specified logon session does not exist. It may already have been terminated". I do have more than one site in the same IP/port, but I'm using SNI so it should be fine. Anyway, I was able to make the certificate work by binding it manually in IIS manager, so the tool helped. |
@riipah Can you check the event viewer for more info when that error hit? Also, what version of IIS are you running? |
Sorry, I can't find anything relevant in the event viewer (I checked IIS logs as well). IIS version is 8.5 (WinServer 2012 R2). I did save the console output. The last lines are:
|
I saw that same error "A specified logon session does not exist. It may already have been terminated" with v1.6 yesterday. My test was on an IIS site on Win2012 server that already had a cert in place. I was able to switch to the new LetsEncrypt cert manually without any further problems. |
What cert store was the old cert placed in? I'm wondering if changing cert On Wed, Dec 2, 2015 at 5:13 PM, amlynnworth notifications@github.com
|
@lone-coder The old cert was from cacert.org and it was in the Personal store. |
Hi i had to change the .* in the web.config file wich is created in the validation directory to . with the * |
@lone-coder I saw this error message when I already had a certificate installed in the Personal store. On the first pass, I got the error. The new certificate had been added to the Web Hosting store. I then manually switched to the new certificate and ran the tool again and it worked flawlessly. So I suspect it doesn't like an existing certificate living somewhere other than the Web Hosting store |
I tested on Win2012 server, and everything went perfectly until I said 'Y' to adding the binding automatically. Screenshot attached to show the error message. It's possible that I already had something in IIS for port 443 for the domain in question before starting, I'm not 100% sure.
Note 'Bryan' in some of the user paths in the screenshot - that is not anyone on my system.
The certificate (PFX) itself is listed as a valid certificate for the server. Probably due to the crash, when I try to manually finish the binding, after selecting the cert and clicking [ok] in IIS manager, I get this error: "Edit Site Binding: There was an error while performing this operation. Details: A specified logon session does not exist. It may already have been terminated. (Exception from HRESULT: 0x80070520)." Just FYI.
Overall, the program is much easier to use for me than 4 days ago.
One small suggestion: if you can add a manifest to letencrypt.exe to require elevated permission, it'll be even simpler to run - no need to explicitly run as admin.
The text was updated successfully, but these errors were encountered: