Code 429 - certificate could not be renewed

pm_wb · June 20, 2019, 4:22pm

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: electronicformswebservice.wellbridge.com

I ran this command: letsencrypt-win-simple.v1.9.7.0\letsencrypt.exe

It produced this output: code 429 (My apologies. I’m no longer able to generate the error, so I don’t have the full output).

My web server is (include version): IIS version 7.5.7600.16385

The operating system my web server runs on is (include version): Windows Server 2008 R2 Standard

My hosting provider, if applicable, is: not applicable

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 1.9.7.0

Hello.

On a server running Windows Server 2008 R2 Standard, a certificate was created using Let’s Encrypt (letsencrypt-win-simple.v1.9.7.0).
The certificate, set to expire on 06/19/2019, was assigned to a web service hosted by IIS.
When the certificate was created, a task was added to Task Scheduler so that the certificate would be automatically renewed.

Yesterday, 06/19/2019, applications accessing the web service crashed because the certificate had not been renewed.
When I tried to manually renew it, error 429 was returned.

Using https://tools.letsdebug.net/, I have identified multiple certificates created by Let’s Encrypt (via Task Scheduler), which explains error 429.
Since Let’s Encrypt is launched on a daily basis, there is one certificate per day since 05/16. For some reason, none of the new certificates has replaced the one that was set to expire on 06/19/2019.
By manually assigning one of these certificates to the web service, applications accessing it are working again.

Is this a known issue?
Is there something that could be done to fix it?

Thank you for your assistance.
pm_wb

JuergenAuer · June 20, 2019, 4:30pm

Hi @pm_wb

not really. 5 Certificates in 7 days, so two days without new certificates ( https://check-your-website.server-daten.de/?q=electronicformswebservice.wellbridge.com#ct-logs ).

That's

the real problem. But that may be

a problem of your configuration (or)
a problem / bug of that client.

Normally, a client should see there is already a newer certificate.

Check the documentation of your client, perhaps there is an update.

pm_wb · June 20, 2019, 5:03pm

Hello, Juergen.

Thank you for your prompt reply.

There are other certificates on the same server and they have been successfully renewed.

You'll find the configuration file at the end of the message (I haven't found a way to attach it).
None of the default settings has been changed.
Do you see a potential problem with the current settings?

Thank you.
pm_wb

<?xml version="1.0" encoding="utf-8"?> yyyy/M/d h:mm:ss tt 2048 50 60 True True [System]

system · July 20, 2019, 5:03pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.