AutoRenew never works

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
My Provider says something is wrong with my web.config as the certificate is never renewed. I have to contact them every 3 months so they can renew it.

What can I do so the certificate will auto renew?
I have configured the challenge folder, and it can be accessed.

It produced this output:

My web server is (include version): mvc4.5

The operating system my web server runs on is (include version): Provider based

My hosting provider, if applicable,

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Hi @DavidS, welcome to the LE community forum :slight_smile:

What is?:

The site returns:

Server: Microsoft-IIS/10.0
server: Microsoft-IIS/10.0

[which may be a spoofed response - kudos if it is!]

Which ACME client(s) have you tried using to renew the cert?

Looks like "MVC" is some kind of funky Windows thingy, so probably not that strange an IIS webserver is responding.

That said I have absolutely NO idea what MVC is, nor do I have any experience with IIS/Windows based stuff. But even so I would urge @DavidS to explain more about the exact situation of the situation. A lot more.. Because as of now, it's probably just a guessing game for many of us here. "MVC"? "web.config"? Contact the hosting provider to renew the cert? What does this "contact" entail? What does your hosting provider do to actually make it happen? Can't they make that change permanently? If they know something is wrong with your """web.config""", haven't they told you exactly what is wrong with it? Which issue does your hosting provider have with renewal?

Questions questions questions.


Thanks for responding.

MVC is just the aspnet web platform that I have built the site with. I meant to say IIS as webserver which is hosted by loopia that is the web hotell.

The web.config file is xml based settings file based in the webroot which controls configuration. I need assistance in configuring this file.

Loopias respons is this:

Thanks You have a form of URL control that prevents access to URLs such as

This URL /.well-known/acme-challenge/* must be excluded from your site in order for LE to verify the link. (Creating this folder in its directory does not help - it must be excluded in web.config or on the website).


It should be accessible yet I should not have it configured.

I'm not familiar with ACME client to try and renew the cert myself, how can I test this?
I thought only letsencrypt could issue a new cert once the mine expired

1 Like

There are several good ACME clients that run natively on Windows and integrate with IIS.
See: ACME Client Implementations - Let's Encrypt (
If you like PowerShell, try Posh-ACME.
If you're more into the full GUI expirience, then try CertifyTheWeb.

All CAs can issue certs.
LetsEncrypt is not the only CA on the Internet.
LetsEncrypt is no longer the only CA that is now offering certs for FREE.
It is however the one with the most community support and experience.

But that test file works perfectly? I can retrieve it in any case. Or is that not suppose to happen? I don't understand..

@rg305 I assume the webhosting provider has an ACME client, otherwise it wouldn't be possible for Loopias to somehow renew it manually.

@DavidS Maybe you could ask Loopias on how to actually "exclude" the path /.well-known/acme-challenge/* in web.config "or on the website"? We just don't have enough information on how the Loopias certificate systems work to help you properly.

OK, but where?
It could be from anywhere via DNS-01 - since they also control the DNS:  nameserver =  nameserver =

And how?

Beats me, we don't have enough info for that. I don't know why contacting Loopias would suddenly enable successful renewal. @DavidS hasn't told us the details on the communication between him and Loopias in that regard.

1 Like

Let me tackle that a different way...
@DavidS, Which ACME client is installed on your system?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

@DavidS, your cert will be expiring in two days.
And it now seems to be serving a less than optimal chain.
See: SSL Server Test: (Powered by Qualys SSL Labs)

If you need any help, feel free to open another topic.
Cheers from Miami :beers: