AutoRenew never works

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: sysmalogic.com

I ran this command:
My Provider loopia.se says something is wrong with my web.config as the certificate is never renewed. I have to contact them every 3 months so they can renew it.

What can I do so the certificate will auto renew?
I have configured the challenge folder, and it can be accessed.

It produced this output:

My web server is (include version): mvc4.5

The operating system my web server runs on is (include version): Provider based

My hosting provider, if applicable, is: loopia.se

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Hi @DavidS, welcome to the LE community forum :slight_smile:

What is?:

The site returns:

Server: Microsoft-IIS/10.0
server: Microsoft-IIS/10.0

[which may be a spoofed response - kudos if it is!]

Which ACME client(s) have you tried using to renew the cert?

Looks like "MVC" is some kind of funky Windows thingy, so probably not that strange an IIS webserver is responding.

That said I have absolutely NO idea what MVC is, nor do I have any experience with IIS/Windows based stuff. But even so I would urge @DavidS to explain more about the exact situation of the situation. A lot more.. Because as of now, it's probably just a guessing game for many of us here. "MVC"? "web.config"? Contact the hosting provider to renew the cert? What does this "contact" entail? What does your hosting provider do to actually make it happen? Can't they make that change permanently? If they know something is wrong with your """web.config""", haven't they told you exactly what is wrong with it? Which issue does your hosting provider have with renewal?

Questions questions questions.

2 Likes

Thanks for responding.

MVC is just the ASP.NET web platform that I have built the site with. I meant to say IIS as the web server, which is hosted by Loopia, which is the web hotel.

The web.config file is an XML-based settings file located in the webroot which controls configuration. I need assistance in configuring this file.

Loopia's response is this:

Thanks. You have a form of URL control that prevents access to URLs such as http://sysmalogic.com/.well-known/acme-challenge/test

This URL /.well-known/acme-challenge/* must be excluded from your site in order for LE to verify the link. (Creating this folder in its directory does not help - it must be excluded in web.config or on the website).

.......

It should be accessible yet I should not have it configured.

I'm not familiar with ACME clients to try and renew the cert myself, how can I test this?
I thought only Let's Encrypt could issue a new cert once mine expired.

1 Like
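The exclusion Loopia asks for above can be checked offline against a `web.config` before requesting another renewal. This is an added example, not part of the thread or anyone's actual configuration: the `web.config` contents, the `FrontController` rule and the `rules_capturing` helper are constructed, and Python's `re` stands in for the ECMAScript pattern syntax that IIS URL Rewrite uses by default.

```python
import re
import xml.etree.ElementTree as ET

# IIS URL Rewrite tests <match url> against the path without its leading slash.
CHALLENGE = ".well-known/acme-challenge/test"

# Constructed web.config: a catch-all rule that rewrites every URL to the app.
TEMPLATE = """<configuration><system.webServer><rewrite><rules>
  <rule name="FrontController" stopProcessing="true">
    <match url="(.*)" />
    %s
    <action type="Rewrite" url="/Home/Index" />
  </rule>
</rules></rewrite></system.webServer></configuration>"""

BLOCKING = TEMPLATE % ""
# Same rule with the challenge path excluded by a negated condition.
EXCLUDED = TEMPLATE % (
    '<conditions><add input="{REQUEST_URI}" '
    'pattern="^/\\.well-known/acme-challenge/" negate="true" /></conditions>')


def _hit(node, pattern, text):
    """Apply one <match> or <add> test, honouring ignoreCase and negate."""
    flags = 0 if node.get("ignoreCase", "true").lower() == "false" else re.I
    found = re.search(pattern, text, flags) is not None
    return found != (node.get("negate", "false").lower() == "true")


def rules_capturing(web_config_xml, path=CHALLENGE):
    """Names of enabled rewrite rules that would apply to `path`."""
    names = []
    root = ET.fromstring(web_config_xml)
    for rule in root.iterfind("./system.webServer/rewrite/rules/rule"):
        match = rule.find("match")
        if rule.get("enabled", "true").lower() == "false" or match is None:
            continue
        if not _hit(match, match.get("url", ""), path):
            continue
        # Only {REQUEST_URI} conditions can be decided offline; any other
        # condition is assumed to pass (assumption: MatchAll grouping).
        conds = [c for c in rule.iterfind("./conditions/add")
                 if c.get("input") == "{REQUEST_URI}"]
        if all(_hit(c, c.get("pattern", ""), "/" + path) for c in conds):
            names.append(rule.get("name"))
    return names


if __name__ == "__main__":
    print("before:", rules_capturing(BLOCKING))
    print("after: ", rules_capturing(EXCLUDED))
```

An empty result for the challenge path means no rewrite rule in the file touches it; it does not cover routing or handlers configured elsewhere in the application.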

There are several good ACME clients that run natively on Windows and integrate with IIS.
See: ACME Client Implementations - Let's Encrypt (letsencrypt.org)
If you like PowerShell, try Posh-ACME.
If you're more into the full GUI experience, then try CertifyTheWeb.

All CAs can issue certs.
LetsEncrypt is not the only CA on the Internet.
LetsEncrypt is no longer the only CA that is now offering certs for FREE.
It is however the one with the most community support and experience.

But that test file works perfectly? I can retrieve it in any case. Or is that not supposed to happen? I don't understand..

@rg305 I assume the webhosting provider has an ACME client, otherwise it wouldn't be possible for Loopia to somehow renew it manually.

@DavidS Maybe you could ask Loopia how to actually "exclude" the path /.well-known/acme-challenge/* in web.config "or on the website"? We just don't have enough information on how the Loopia certificate systems work to help you properly.

OK, but where?
It could be from anywhere via DNS-01 - since they also control the DNS:

sysmalogic.com  nameserver = ns1.loopia.se
sysmalogic.com  nameserver = ns2.loopia.se

And how?
Yeah:

Beats me, we don't have enough info for that. I don't know why contacting Loopia would suddenly enable successful renewal. @DavidS hasn't told us the details on the communication between him and Loopia in that regard.

1 Like

Let me tackle that a different way...
@DavidS, Which ACME client is installed on your system?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

@DavidS, your cert will be expiring in two days.
And it now seems to be serving a less than optimal chain.
See: SSL Server Test: sysmalogic.com (Powered by Qualys SSL Labs)

If you need any help, feel free to open another topic.
Cheers from Miami :beers: