Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain

I ran this command:certbot certonly --webroot

It produced this output:Cleaning up challenges
e[31mEncountered exception during recovery: FileNotFoundError: [WinError 2] 系統
找不到指定的檔案。: 'C:\inetpub\wwwroot\.well-known\acme-challenge\GBzv8izO
e[31mAn unexpected error occurred:e[0m
e[31mpywintypes.error: (1307, 'SetFileSecurity', '這個安全性識別碼不能被指派給這
Ask for help or search for solutions at See t
he logfile C:\Certbot\log\letsencrypt.log or re-run Certbot with -v for more det

My web server is (include version):I don't know

The operating system my web server runs on is (include version):Windows Server 2012 R2

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Your site appears to be using IIS, I would suggest the easiest thing to do is use Certify The Web ( or win-acme ( to get your certificate and apply it to IIS.

The error you are seeing is because certbot is not running with elevated privileges so can't write to the wwwroot path. You can start a command prompt as Administrator to solve this but the certificate you get using certbot will not be applied to IIS without several more manual steps (or your own scripting) as certbot is mostly designed to work with Apache/nginx etc.

To complete the http challenge IIS still needs to be configured to serve extensionless text files and to be able to use the resulting certificate it still needs to be stored in the local machine certificate store and the IIS https bindings updated. The above linked apps can do this automatically.


As an aside, Server 2012 has reached the end of it's support lifetime (about 1 week ago) with Microsoft Windows Server 2012 and 2012 R2 reaching end of support - Microsoft Lifecycle | Microsoft Learn you should not use it for new projects and you should migrate any existing applications to newer OS versions.


You [and the school] should consider putting such servers behind a secure proxy.

curl -Ii4
HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 138
Content-Type: text/html; charset=utf-8
Location: /Pages/Index.aspx
Server: Microsoft-IIS/8.0
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=aug5ggvxmo4u3euqyffkv1m5; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Tue, 17 Oct 2023 04:07:25 GMT

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.