Cann`t renew certificate on ACMESharp


Please help!!!
For renew i did next command
Get-ACMEExtensionModule | Select-Object -Expand Name
Complete-ACMEChallenge -IdentifierRef www-example-com -ChallengeType http-01 -Handler iis -HandlerParameters @{ WebSiteRef = ‘example’ }

On this step i get error
Complete-ACMEChallenge : authorization is not in pending state; use Force flag to override this validation

What do i need do?


This post was flagged by the community and is temporarily hidden.


Yes, I started taking the first steps to changing the certificate
But already at the stage Complete-ACMEChallenge there were errors or I do not do those actions certificate?
When i did
New-ACMECertificate -Generate -IdentifierRef www-example-com -Alias cert-example1-domains
Submit-ACMECertificate -CertificateRef cert-example1-domains
I get
Submit-ACMECertificate : Error creating new cert :: authorizations for these names not found or


Looks like your validation got in a weird state.

Try adding -Refresh to your Complete-ACMEChallenge command so AcmeSharp won’t try and use the broken, cached one:

Complete-ACMEChallenge -IdentifierRef www-example-com -ChallengeType http-01 -Handler iis -HandlerParameters @{ WebSiteRef = ‘example’ } -Refresh


The trick to renewing is just to run the process again but with a different Identifier Ref passed into New-ACME Identifier. Run through the process again and you have a new certificate.


I found the right sequence of commands
Import-Module ACMESharp

New-ACMEIdentifier -Dns -Alias example1

Complete-ACMEChallenge example1 -ChallengeType http-01 -Handler iis -HandlerParameters @{ WebSiteRef = ‘’ }

Submit-ACMEChallenge -IdentifierRef example1 -ChallengeType http-01

Update-ACMEIdentifier -IdentifierRef example1

New-ACMEIdentifier -Dns -Alias example11

Complete-ACMEChallenge example11 -ChallengeType http-01 -Handler iis -HandlerParameters @{ WebSiteRef = ‘’ }

Submit-ACMEChallenge -IdentifierRef example11 -ChallengeType http-01

Update-ACMEIdentifier -IdentifierRef example11

New-ACMECertificate -Generate -IdentifierRef example1 -AlternativeIdentifierRefs @(‘example11’) -Alias cert-example1

Submit-ACMECertificate -CertificateRef cert-example1

Update-ACMECertificate -CertificateRef cert-example1

Get-ACMEInstallerProfile -ListInstallers

Install-ACMECertificate -CertificateRef cert-example1 -Installer iis -InstallerParameters @{
WebSiteRef = ‘

I hope that to someone else will help
thank you all for participating in the discussion


Yes, you will keep the domain name but change the alias.

New-ACMEIdentifier -Dns -Alias something-else

The alias is a name you create. It does not mean anything. It is an identifier that links some information needed by Let’s Encrypt with your domain name.

My recommendation is that you add the date to the alias. Something like:

New-ACMEIdentifier -Dns -Alias “”