Certificate expired error - but doesn't need renewed

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: Oscar.action-engineering.com

I ran this command: winacme

It produced this output: [Manual] oscartest.action-engineering.com - renewed 19 times, due after 6/22/2021 4:29:36 AM

My web server is (include version): not sure

The operating system my web server runs on is (include version): windows server 2019

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): win-acme.v2.1.6.773.x64.pluggable

I renewed the certificate for both servers on 4/28 - all went fine. on Saturday 5/8 - the client informed me that the website is reporting the certificate is invalid, I checked and it is invalid for both production and test. I checked the renewal with winacme, and it says it does not need to be renewed yet and is not expired. I try to force the renewal and get an error due to the maintenance:

(AcmeProtocolException): The service is down for maintenance or had an internal error. Check https://letsencrypt.status.io/ for more details.

don't understand why it says the certificate is expired when it is not.

thank you for any help

Let´s Encryt say:

[Update] Our apologies for trouble this extended maintenance may be causing. We're revising the completion time out to 18:30 UTC out of an abundance of caution.

At the moment Let's Encrypt servers are under maintenance, certificate APis are temporarily unavailable.

1 Like

I saw that on the status page - which explains why I can't renew - but why is my cert marked as expired in the first place - when it is not expired - I renewed it a little over a week ago on 4/28.

also I am using acmev2 not v1 - which is also confusing as to why this maintenance would affect my cert.

Your webserver is probably serving an older certificate. You might need to restart some services to get your system to use the new (renewed) certificate.

I tried rebooting both servers - which did not work - and should be the same as restarting services - or is there a different process I need to follow? any way to check which certs are being served? only one is listed in winacme...

Thank you!

(apologies for not having all details - inherited this from someone and still figuring out how he set this all up)

it also is interesting to me that both servers would have the same issue starting at the same time...

I figured out that the certificate being served was here:


and for some reason when renewing winacme was not copying the new certificate here (I checked the settings). I recreated the renewal, and it now copies the files here.

test server is now fixed, however on production I am trying to do the same thing, and it successfully copies the pix file, but not the .key file - I see this message on renewal:

No key entries found

now I can't start my web app

test does not show this - can anyone help with this last part?

got it! the winacme json file somehow had the default password set to "password" instead of null to allow user input so I could set it to none...

still all of this seems odd to suddenly show up - no problems with the other 2 renewals I did.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.