Action required: Let's Encrypt certificate renewals


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain

I ran this command:

It produced this output:

My web server is (include version):IIS

The operating system my web server runs on is (include version):Windows server 2012

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): i don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):Using IIS

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):let’s encrypt


Hi @Arunkumar

your server is completely offline, I see only timeouts ( ):

Domainname Http-Status redirect Sec. G -14 10.027 T
Timeout - The operation has timed out -14 10.027 T
Timeout - The operation has timed out -14 10.027 T
Timeout - The operation has timed out -14 10.027 T
Timeout - The operation has timed out -14 10.027 T
Timeout - The operation has timed out -14 10.026 T
Timeout - The operation has timed out

You have one certificate, but this has another domain name:;include_subdomains:true;

How did you create that certificate? There ( ) the


works, sends a correct 404 (file not found).



i got this email"Action required: Let’s Encrypt certificate renewals", i would like to know how to check my let’s encrypt software using TLS-SNI-01 validation? Please let me know.

Arunkumar A


Then please answer the questions:

Command - output - version.

There are different “Letsencrypt - Clients” named Letsencrypt.

How did you create your certificate?

It’s valide 2019-03-06, so it’s not critical. Check if the renew the next two times work. If yes, you can ignore the mail.



Sorry for the late reply, we are using http-01 validation, I will share my output file ASAP.


Arunkumar A


If you use already http-01 - validation, all should be fine. The problem is the tls-sni-validation, this is deprecated. So people have to switch from tls-sni to http- or dns-validation.



In the let’s encrypt we are selecting option 4 for validation that is [http-01] create temporary application in IIS(Recommended),

is this okay?


Arunkumar A


If you use http-01 validation, then it’s ok. http-01 validation is the standard method to validate a domain name.


I’ve never seen this option before.
What is the actual ACME client program name/URL?




We are creating the SSL certificate using the option number 4,

please let me know in case of any issues on this renewal.


Arunkumar A


Has option #4 [HTTP-01] worked before?

Have you tried option #1 [TLS-SNI-01]?

Have you tried option #5 [HTTP-01]?


Yes, we used to create a SSL certificate with option 4, it worked fine.

Is it okay right?


Arunkumar A


Yes, any option with HTTP-01 is ideal.
Can you try using option #5 (also HTTP-01)?

closed #14

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.