For the ADFS server, I obtained the certificate in July 2020. No issue with the renewal, which is set by task scheduler to run daily. It was working fine till 4th Sep 2020. From 5th Sep the daily renewal task failed and I looked at the log. Here is the screenshot of the error.
I did not change anything within the server. Had to restart after installing a few updates in Sep 2020. I'd appreciate it if you can look at the error and let me know how to fix it.
Thanks
Ram
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: ramlan.ca
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
I've done some checking and don't see any imminent reason why your renewal should fail. We'll keep looking though.
The reason the renewal task was working fine until then was because your certificate was not yet 60 days old, so the renewal task was not attempting to acquire a new certificate.
Your ADFS server is serving the wrong certificate. It is also using an obsolete cipher suite and serving mixed content (referenced content that is not served over https). These issues should not prevent renewal of the correct certificate though.
This is a lab environment and not production. So, I will wait for the renewal to complete next month. If the renewal fails, what option do I have: create a new certificate request, or try to renew the certificate through acme?
You are currently using win-acme, so you are using an ACME client for your acquisitions and renewals. This process should be no different in mechanics than when you acquire a new certificate. Renewal fails = new fails. Can you create a file named "test" (with no extension) containing the phrase "Let's Encrypt" in /.well-known/acme-challenge/ in your webroot directory? This will let us test access to that.
There is nothing inside the folder. Just a single file called index.html. I created this folder during certificate request so that the request will complete successfully.
So with this setting the renewal should work? Can I try using the acme command?