Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

Preliminary note:
I want to renew certificate for my web site (in production). I do the same operation since years. But this time, it does not work any more.
I don't know much about certificates

My domain is: yadusurf.com

I ran this command: I run letsencrypt 1.0.5 in Azure Portal
Operation :
Next, Next, select the hostname I want to renew the certificate, click "request and install certificate", wait 10 Seconds, then the following exception is shown.

It produced this output:

Server Error in '/letsencrypt' Application.

Can not find issuer 'C=US,O=Internet Security Research Group,CN=ISRG Root X1' for certificate 'C=US,O=Let's Encrypt,CN=R3'.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: Certes.AcmeException: Can not find issuer 'C=US,O=Internet Security Research Group,CN=ISRG Root X1' for certificate 'C=US,O=Let's Encrypt,CN=R3'.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[AcmeException: Can not find issuer 'C=US,O=Internet Security Research Group,CN=ISRG Root X1' for certificate 'C=US,O=Let's Encrypt,CN=R3'.] Certes.Pkcs.CertificateStore.GetIssuers(Byte[] der) +429 Certes.CertificateChainExtensions.ToPem(CertificateChain certificateChain, IKey certKey) +185 LetsEncrypt.Azure.Core.Services.<RequestCertificate>d__5.MoveNext() in D:\a\1\s\LetsEncrypt.SiteExtension.Core\Services\AcmeService.cs:61 System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +102 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +64 LetsEncrypt.Azure.Core.<RequestInternalAsync>d__14.MoveNext() in D:\a\1\s\LetsEncrypt.SiteExtension.Core\CertificateManager.cs:206

My web server is (include version): Azure App Service / ASP.net Core

The operating system my web server runs on is (include version): Windows

My hosting provider, if applicable, is: Azure

I can login to a root shell on my machine (yes or no, or I don't know): I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Azure Portal

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): I don't use a certbot.

Note : Thanks for your help!

Hi @MathieuJack, and welcome to the LE community forum

I'm not sure which client that is, nor how to troubleshoot it.

If you are willing to switch your ACME client...
I can say that I've used https://certifytheweb.com/ on Windows systems without fail.

I don't know anything about your ACME Client either but this post is related to your issue.

It also happens to be from the author of the Certify The Web product that @rg305 suggested (as do I).

This is pretty old now: GitHub - sjkp/letsencrypt-siteextension: Azure Web App Site Extension for easy installation and configuration of Let's Encrypt issued SSL certifcates for custom domain names.

I'd actually primarily suggest using Azures own free certificate support if you can, otherwise there are function app tools like GitHub - shibayan/appservice-acmebot: Automated ACME SSL/TLS certificates issuer for Azure App Service (Web Apps / Functions / Containers) and GitHub - shibayan/keyvault-acmebot: Automated ACME SSL/TLS certificates issuer for Azure Key Vault (App Gateway / Front Door / CDN / others) which are really tuned for Azure.

Certify The Web does have a Deployment Task for Azure App Service, but you currently have to run that app on a Windows Server rather than in a container or cloud web app etc. There is a (linux) container version in the works which could do the same job.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.