Was trying to renew a certificate. Which I do ever 3 months for years now, but this time was different. Went through all the DNS verifications (#6) . But was unable to create new certificate do to missing private key which is lost. Don't think I had one as a file. I never enter a path for --pkfile when I created a new certificate and never remember seeing a .PEM file created.
How do I delete the old certificate which is up for renewal and create a brand new one with no private key. Should I cancel or revoke the old certificate ??
Domain: mail.xlogic.com (one of many)
I use ACMEv2 wacs.exe (version v2.1.19.1138) as my client. The certificate is used on Exchange Server 2019. The .CSR file was created from Exchange.
Also saw error message 'Error finalizing order :: signature algorithm not supported' but not sure if this is related.
2022-09-29 10:36:31.125 -04:00 [WRN] ### Cached order available but not used due to missing private key
2022-09-29 10:36:31.358 -04:00 [ERR] Error requesting certificate [Csr] c:\share\xlogicssl.req
ACMESharp.Protocol.AcmeProtocolException: Error finalizing order :: signature algorithm not supported
at ACMESharp.Protocol.AcmeProtocolClient.SendAcmeAsync(Uri uri, HttpMethod method, Object message, HttpStatusCode expectedStatuses, Boolean skipNonce, Boolean skipSigning, Boolean includePublicKey, CancellationToken cancel, String opName)
at ACMESharp.Protocol.AcmeProtocolClient.FinalizeOrderAsync(String orderFinalizeUrl, Byte derEncodedCsr, CancellationToken cancel)
at PKISharp.WACS.Clients.Acme.AcmeClient.<>c__DisplayClass46_01.<<Retry>b__0>d.MoveNext() --- End of stack trace from previous location --- at PKISharp.WACS.Clients.Acme.AcmeClient.Backoff[T](Func
1 executor, Int32 attempt)
at PKISharp.WACS.Clients.Acme.AcmeClient.Backoff[T](Func1 executor, Int32 attempt) at PKISharp.WACS.Clients.Acme.AcmeClient.Retry[T](AcmeProtocolClient client, Func
1 executor, Int32 attempt)
at PKISharp.WACS.Clients.Acme.AcmeClient.Retry[T](AcmeProtocolClient client, Func`1 executor, Int32 attempt)
at PKISharp.WACS.Clients.Acme.AcmeClient.SubmitCsr(OrderDetails details, Byte csr)
at PKISharp.WACS.Services.CertificateService.RequestCertificate(ICsrPlugin csrPlugin, RunLevel runLevel, Order order)
at PKISharp.WACS.RenewalExecutor.GetFromServer(OrderContext context)
2022-09-29 10:36:49.983 -04:00 [ERR] Create certificate failed: No certificate generated for order Main
2022-09-29 10:37:47.936 -04:00 [INF] No command line arguments provided
2022-09-29 10:37:48.020 -04:00 [INF] Software version 2.1.22.1289 (release, pluggable, standalone, 64-bit) started
2022-09-29 10:37:48.023 -04:00 [INF] Connecting to "https://acme-v02.api.letsencrypt.org/"...
2022-09-29 10:37:48.421 -04:00 [INF] Connection OK!
2022-09-29 10:37:48.444 -04:00 [WRN] Scheduled task not configured yet
2022-09-29 10:37:48.445 -04:00 [INF] Please report issues at GitHub - win-acme/win-acme: A simple ACME client for Windows (for use with Let's Encrypt et al.)