Error processing certificate renewal [Manual]

My domain is: www.thomee.se

I get this e-mail every day
Renewal for [Manual] www.thomee.se failed, will retry on next run.

Error(s):

  • [www.thomee.se] Validation failed
Hosts
www.thomee.se, www1.thomee.se
Plugins
Target: Manual
Validation: FileSystem
Order: Single
Csr: RSA
Store: PemFiles
Installation: None

Log output:

Sent by win-acme version 2.1.16.1037 from VHS-TGSHOP01

We have moved www.thomee.se to an other server and host. But we still have www1.thomee.se on the server. The thing is that we are not running this version on the server anymore.

C:\win-acme>wacs.exe

A simple Windows ACMEv2 client (WACS)
Software version 2.1.20.1185 (release, pluggable, standalone, 64-bit)
Connecting to https://acme-v02.api.letsencrypt.org/...
Running without administrator credentials, some options disabled
Scheduled task looks healthy
Please report issues at GitHub - win-acme/win-acme: A simple ACME client for Windows (for use with Let's Encrypt et al.)
No write access to all renewals: Access to the path 'C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Cmn02nQi1UeFO0P5ON9A3A.renewal.json' is denied.

N: Create certificate (default settings)
M: Create certificate (full options)
R: Run renewals (0 currently due)
A: Manage renewals (1 total)
O: More options...
Q: Quit

Please choose from the menu: A

Welcome to the renewal manager. Actions selected in the menu below will be
applied to the following list of renewals. You may filter the list to target
your action at a more specific set of renewals, or sort it to make it easier
to find what you're looking for.

1: [Manual] www1.thomee.se - renewed 1 time, due after 2022-8-23 15:24:53

E: Edit renewal
D: Show details for the renewal
R: Run the renewal
U: Analyze duplicates for the renewal
C: Cancel the renewal
V: Revoke certificate(s) for the renewal
Q: Back

Choose an action or type numbers to select renewals:

I need to find a way to remove this.

What happens if you run wacs.exe under an Admin account or at least one with permission to that location? I'm guessing another renewal is not being shown because of that.

3 Likes

No it's the same thing.

A simple Windows ACMEv2 client (WACS)
Software version 2.1.20.1185 (release, pluggable, standalone, 64-bit)
Connecting to https://acme-v02.api.letsencrypt.org/...
Scheduled task looks healthy
Please report issues at GitHub - win-acme/win-acme: A simple ACME client for Windows (for use with Let's Encrypt et al.)

N: Create certificate (default settings)
M: Create certificate (full options)
R: Run renewals (0 currently due)
A: Manage renewals (1 total)
O: More options...
Q: Quit

Please choose from the menu: a

Welcome to the renewal manager. Actions selected in the menu below will be
applied to the following list of renewals. You may filter the list to target
your action at a more specific set of renewals, or sort it to make it easier
to find what you're looking for.

1: [Manual] www1.thomee.se - renewed 1 time, due after 2022-8-23 15:24:53

E: Edit renewal
D: Show details for the renewal
R: Run the renewal
U: Analyze duplicates for the renewal
C: Cancel the renewal
V: Revoke certificate(s) for the renewal
Q: Back

Choose an action or type numbers to select renewals:

What happens when you Edit the Renewal? Does it allow you to remove the www name from the two host names in the renewal?

Sorry, I don't know wacs very well. I am just working off their docs and my general knowledge of how these things work.

2 Likes

As you see it's not the same renewal (Difrent names). And it's not from the same version of the program. I have removed all files, checked and try to delete everything in register, removed the scheduled task and so on. But i still get the e-mail.

The different names resolve to different IPs:

Name:    www.thomee.se
Address: 185.133.206.91

Name:    www1.thomee.se
Address: 62.20.99.23

What is the IP of the system you are using?

2 Likes

Yes, it looks like at one time you got one cert with two domain names in it. That is, the two host names I quoted. You can see your cert history here

It looks to me like your renewal config is still set to renew both of these names. So, I was suggesting you try editing the renewal to remove the name that's not on this server anymore.

Often, renewal conf files are named for just one of the domains in the cert it controls. I don't know this acme client as well but mostly that's how they work.

3 Likes

Name: www1.thomee.se
Address: 62.20.99.23

Yes,

Somewhere is there a renew but i can't find it. ANd the problem is that it's say from a version of the program that dose not exist on the server.

What happens if you type E when shown this menu (from your earlier post)

2 Likes

Nothing as this a new one. I have also deleted all and remove all files but it still send this e-mail. For me it feels like there is a server somewhere else that is trying to do this.

Is that text in the email you get? Does that server name mean anything to you?

This really seems like a quirk in win-acme. Have you tried posting on their github yet?

3 Likes

No but will do that right away then.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.