Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: octopus.osvatmos.com
I ran this command:
was unable to import expired cert in certify
It produced this output:
Failed to create certificate order: Failed to begin certificate order. 2019-11-25 19:50:14.959 +00:00 [INF] Failed to create certificate order: Failed to begin certificate order.
The operating system my web server runs on is (include version):
server 2019
My hosting provider, if applicable, is:
octopus
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
I'm not wanting to change my bindings … so need to be able to generate the same cert as before … either new (which I can't because I get the error I posted) or be able to renew
That's impossible. You must change your binding, so the new certificate is used.
A certificate is always new. The difference between "new" and "renew" is only local (using the same configuration again); Let's Encrypt doesn't know (and doesn't need to know) details about your local configuration. Let's Encrypt may only see: "Ah, that's a certificate with the same set of domain names as an older certificate".
So if your local configuration doesn't work, you have to change your local configuration.
As for your client, I assume this is the octopus you’re talking about and you’re self hosting it on Windows Server 2019. If that’s the case, there are several ACMEv2 Windows clients you can choose from on the link that Juergen provided.
@dfleskes, some of the confusion in cases like this comes in because there are dozens of different software applications that people can use to request certificates from Let’s Encrypt. Sometimes on this forum we find that people are using tools that few other people on the forum are very familiar with—or at least that nobody in the specific forum thread is an expert on.
It might be helpful to make the forum thread topic start with CertifyTheWeb to attract attention of people who are more knowledgeable about this tool.
I would guess that the error is the order creation failing due to too many failed validation attempts per hour, which are failing because of the firewall timeout on port 80, as already suggested by @JuergenAuer.
Without a complete log it’s hard to tell, but for Failed to begin certificate order the log will usually then go on to output an error from the Let’s Encrypt API (such as rate limit exceeded etc.), unless it’s failing to contact the Let’s Encrypt API at all. In that case, open a web browser on your server and check you can access https://acme-v02.api.letsencrypt.org/. If you can’t, then you are blocking outgoing HTTPS requests in Windows Firewall and you need to open that up first.
As noted by @JuergenAuer above, your website doesn’t appear to allow HTTP requests to port 80, and you at least need port 80 open if you are going to use HTTP validation; if you are using DNS validation then that’s not required. I used letsdebug to check: https://letsdebug.net/octopus.osvatmos.com/81301
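The two checks from the reply above (outbound HTTPS to the Let's Encrypt API, and port 80 for HTTP validation) can be scripted. This is an added example, not part of any post in the thread and not code from Certify or Octopus; it assumes Windows PowerShell 5.1 on the server, an elevated session, and the `/directory` path of the ACME v2 endpoint.

```powershell
# Added example: local preflight before retrying a certificate order.
# It only inspects this server; a firewall in front of the server still has to
# be tested from outside (for example with letsdebug, as used in the thread).
$AcmeDirectory = 'https://acme-v02.api.letsencrypt.org/directory'
$report = [ordered]@{}

# 1. Outbound HTTPS: can this server reach the ACME v2 API at all?
try {
    [Net.ServicePointManager]::SecurityProtocol =
        [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12
    $dir = Invoke-RestMethod -Uri $AcmeDirectory -TimeoutSec 15 -ErrorAction Stop
    # A genuine ACME directory is JSON with a newOrder URL; an HTML block page is not.
    if ($dir.newOrder) {
        $report['Outbound HTTPS to ACME API'] = 'OK'
    } else {
        $report['Outbound HTTPS to ACME API'] = 'Reached a host, but the reply is not an ACME directory (proxy or filter?)'
    }
} catch {
    $report['Outbound HTTPS to ACME API'] = "FAILED: $($_.Exception.Message)"
}

# 2. Is anything listening on TCP 80 to answer the HTTP validation request?
$listener = Get-NetTCPConnection -LocalPort 80 -State Listen -ErrorAction SilentlyContinue
if ($listener) {
    $report['Listener on TCP 80'] = 'OK'
} else {
    $report['Listener on TCP 80'] = 'No process is listening on port 80'
}

# 3. Does Windows Firewall have an enabled inbound allow rule covering TCP 80?
#    Rules that cover port 80 only through a range such as 80-90 are not matched here.
$allow = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains '80' -or $_.LocalPort -eq 'Any' } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }
if ($allow) {
    $report['Inbound firewall rule for TCP 80'] = "OK ($(@($allow).Count) matching rule(s))"
} else {
    $report['Inbound firewall rule for TCP 80'] = 'No enabled inbound allow rule found'
}

$report.GetEnumerator() | Format-Table -AutoSize Name, Value
```

Fix anything that is not OK before requesting again, since each failed validation counts toward the hourly limit mentioned above.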
But checking Octopus, there is an integrated Let's Encrypt solution.
Octopus 3.16 or newer can integrate with Let's Encrypt to setup and manage the SSL certificate for the Octopus Portal. When the certificate nears its expiration date, Octopus will automatically renew the certificate with no intervention required.
That's always the best solution.
Looks like you have used an older configuration with an additional client.
And the integrated Octopus-client supports ACME-v2:
Octopus 2019.10.3, 2019.9.6 LTS, 2019.6.12 LTS or newer use ACME v2, which is required after Let's Encrypt retired the v1 APIs in November 2019.
Check if it is possible to use that integrated solution.