Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: library.hkmlcps.edu.hk
I ran this command: certbot certonly --webroot
It produced this output:
Cleaning up challenges
e[31mEncountered exception during recovery: FileNotFoundError: [WinError 2] 系統
e[31mAn unexpected error occurred:e[0m
e[31mpywintypes.error: (1307, 'SetFileSecurity', '這個安全性識別碼不能被指派給這
Ask for help or search for solutions at https://community.letsencrypt.org. See t
he logfile C:\Certbot\log\letsencrypt.log or re-run Certbot with -v for more det
My web server is (include version): I don't know
The operating system my web server runs on is (include version): Windows Server 2012 R2
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Your site appears to be using IIS, I would suggest the easiest thing to do is use Certify The Web (https://certifytheweb.com) or win-acme (https://www.win-acme.com/) to get your certificate and apply it to IIS.
The error you are seeing is because certbot is not running with elevated privileges so can't write to the wwwroot path. You can start a command prompt as Administrator to solve this but the certificate you get using certbot will not be applied to IIS without several more manual steps (or your own scripting) as certbot is mostly designed to work with Apache/nginx etc.
To complete the http challenge, IIS still needs to be configured to serve extensionless text files, and to be able to use the resulting certificate it still needs to be stored in the local machine certificate store and the IIS https bindings updated. The above linked apps can do this automatically.
As an aside, Server 2012 has reached the end of its support lifetime (about 1 week ago) with Microsoft (Windows Server 2012 and 2012 R2 reaching end of support - Microsoft Lifecycle | Microsoft Learn). You should not use it for new projects and you should migrate any existing applications to newer OS versions.
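A pre-flight check for the two conditions the reply above names (an elevated session, and IIS serving extensionless files from the challenge folder), added here as an example and not part of the original thread. The default values of `$WebRoot` and `$HostName` are assumptions; replace them with the site's real webroot and host name.

```powershell
# Added example, not from the thread. Run on the IIS host in the same prompt
# you would run certbot from. Default parameter values are assumptions.
param(
    [string]$WebRoot  = 'C:\inetpub\wwwroot',   # assumed IIS site root
    [string]$HostName = 'localhost'             # assumed name the site answers on
)

# 1. Is this session elevated?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$admin     = [Security.Principal.WindowsBuiltInRole]::Administrator
if (-not $principal.IsInRole($admin)) {
    Write-Warning 'Session is not elevated; start the prompt with "Run as administrator".'
}

# 2. Can an extensionless file be written where the webroot challenge goes?
$dir   = Join-Path $WebRoot '.well-known\acme-challenge'
$token = 'preflight-' + [guid]::NewGuid().ToString('N')   # constructed test name
$file  = Join-Path $dir $token
$body  = 'preflight-ok'                                   # constructed test content
try {
    New-Item -ItemType Directory -Path $dir -Force -ErrorAction Stop | Out-Null
    [IO.File]::WriteAllText($file, $body)

    # 3. Does IIS serve it back over plain HTTP?
    $url  = "http://$HostName/.well-known/acme-challenge/$token"
    $resp = Invoke-WebRequest -Uri $url -UseBasicParsing -ErrorAction Stop
    $got  = if ($resp.Content -is [byte[]]) {
                [Text.Encoding]::ASCII.GetString($resp.Content)
            } else { [string]$resp.Content }
    if ($got.Trim() -eq $body) {
        Write-Output "OK: $url returned the test file."
    } else {
        Write-Warning "$url answered, but not with the test file (rewrite or redirect rule?)."
    }
}
catch {
    # Write failures and HTTP errors (e.g. 404 for an unmapped extensionless file) land here.
    Write-Warning "Pre-flight failed: $($_.Exception.Message)"
}
finally {
    # Remove the test file so nothing is left in the challenge folder.
    if (Test-Path -LiteralPath $file) { Remove-Item -LiteralPath $file -Force }
}
```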
You [and the school] should consider putting such servers behind a secure proxy.
curl -Ii4 library.hkmlcps.edu.hk
HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Set-Cookie: ASP.NET_SessionId=aug5ggvxmo4u3euqyffkv1m5; path=/; HttpOnly
Date: Tue, 17 Oct 2023 04:07:25 GMT