New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to renew cert #776
Comments
Is it possible that the original site you used to create the certificate with doesn't exist anymore? |
I am running the renew from the same server I used to create the cert that is still actively hosting the same site (Exchange server). |
It seems to point to not being able to find the site it's supposed to use for validation in IIS. I'd be interested to see the contents of the registry entry for the certificate. You can try to recreate the certificate but you'd have to go with the command line to set it up with TLS validation, as it's no longer supported for mainstream usage. |
Can you explain that further? Is the win-acme program not able to find the site, or the Letsencrypt web service can't find the site? As a quick test, I did a renew on some standard IIS web sites on a different server and they were able to renew correctly, so it does appear to be something specific to this Exchange IIS instance. HKEY_LOCAL_MACHINE\SOFTWARE\letsencrypt-win-simple\https://acme-v01.api.letsencrypt.org/
|
The program can't find the IIS website, and I think I can see why. Could you try removing It's definitely a bug that the registry got into this state, I'm making some changes in the next release to prevent this from happening to others. |
I tried removing those strings from the reg key, but as soon as I trigger the renewal I see them get repopulated. Is there another place I need to also remove them from? Hmm, looking at my other server that I was able to trigger a cert renew on, those registry keys don't even exist, and if I remove them from the problem server than I get no certs listed as available for renewal. Is there another config file hidden away somewhere? |
Yes I should have realised that it would happen that way, because the bug that caused it is still in there. I made a fix in 1.9.10, but if you don't want to upgrade yet, you might try another workaround, which is adding |
OK, thanks. I ended up revoking and creating a new cert and manually added it to the bindings. I'll do a test with the new versoin in a few days to see how it goes. |
Greetings,
I have a cert that was originally requested using letsencrypt-win-simple.v1.9.8.0-beta7 and had the scheduled task created to handle the renewal. I noticed recently it hadn't been working and when run manually I get the following error
I have tried using win-acme v1.9.9.0 instead, and I now get the following running with --verbose
This is running on Windows Server 2016. I am also running manually in an elevated command prompt (as admin). The current cert is valid until 27 March 2018.
Any suggestions or advice?
Thanks
Scott.
The text was updated successfully, but these errors were encountered: