Can not renew certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: intranet.ad.stoughtoncoopbank.com

I ran this command:certbot renewal

It produced this output:Certbot can obtain and install HTTPS/TLS/SSL certificates. By default,
it will attempt to use a webserver both for obtaining and installing the
certificate.
certbot: error: unrecognized arguments: -V Renewal

I have a log but is there a way to attach it??

My web server is (include version): Apache and XAMPP
The operating system my web server runs on is (include version): Windows 10

My hosting provider, if applicable, is:Lets encrypt

I can login to a root shell on my machine (yes or no, or I don't know):yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):certbot don't know version

Today is last day before Cert expires, need help, new to this, my predecessor left without leaving any documentation on this.

There is no certbot renewal command. Did you mean to do certbot renew ?

Please also show output of this

certbot certificates
3 Likes

C:>certbot renew
Error, certbot must be run on a shell with administrative rights.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile C:\Users\fiserv\AppData\Local\Temp\1\tmpcwlkgt_o\log or re-run Certbot with -v for more details.

I tried using Powershell this time It failed also
Is there a way to send you the log file

There is nothing in the log file that will help with below error. As it notes, you need to run from a command shell with admin privileges. This is standard Windows stuff. Do you know how to do that?

As another note, the most recent cert I see for the domain you gave expired about a year ago. Can you explain more about your situation? There are other ACME Clients that are designed specifically for Windows. It may be a good time to switch away from Certbot.

4 Likes

the cert I have expires today.

I am new to certificates for INTRANET Server
My Predecessor left and there is no documentation.
I researched out I found CERTBOT on the server and tried running it to no avail. I used Command with Admin prev and also tried running poweshell.

I am using window 10 and XAMPP with apachi
.

Please advise

Poweshell -NoProfile -WindowStyle Hidden -Command "certbot renew"

is this powershell command correct?

Are you running in an elevated prompt? I don't think so but you need to be.

As for your cert, I only see one publicly issued cert for that domain name which expired a year ago. You can see your public cert history with a tool like this:

Do you access that domain name using a browser? Can you view the certificate in use? Because I don't think this Certbot system is managing that cert.

3 Likes

I see in the browser,
Issued to:
Common name: Intranet.ad.stoughtoncoopbank.com
ISSUE BY: Intranet.ad.stoughtoncoopbank.com

I am very confused

this makes no sensse

That might be a private self-signed certificate. I don't know why the expiration date would have been set so short since you can choose those arbitrarily. Do you have some other system issuing intranet certs for your company?

4 Likes

Are we even sure they're using certbot?

@acolace did you install certbot or was it there already?

3 Likes

I have no idea,
any thoughts what I would be looking for?

Can we just install or use Certbot and create a new Cert.

or do you think that the cert thats there will auto update?

already installed and at this point I don't care iif we could start from scratch

No, in fact I already said I don't think Certbot is managing this certificate.

Given this is an intranet service without any DNS A record they would have to use a DNS challenge to get a new public certificate. Or of course allow access on port 80 from the public Internet and setup an A/AAAA record.

4 Likes

Can I just remove the need of a certificate?

Why would you do that?

You only need to make a new self-signed cert.
And have Apache use that new one.

2 Likes

That's great but I don't know how, this is all new to me.

can someone tell me how to create a self sign cert

Configuring Apache with a self-signed cert for an intranet service is well beyond the scope of this forum.

Most of the helpers here are unpaid volunteers. We usually focus our efforts on helping people using Let's Encrypt certs.

Given your lack of expertise I think making a self-signed cert is just the first step you will need help with. You will be better off getting help on an Apache support forum or other place tailored to your needs.

You might even try calling your predecessor for suggestions.

3 Likes