Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:library.hkmlcps.edu.hk
I ran this command:certbot certonly --webroot
It produced this output:Cleaning up challenges
e[31mEncountered exception during recovery: FileNotFoundError: [WinError 2] 系統
找不到指定的檔案。: 'C:\inetpub\wwwroot\.well-known\acme-challenge\GBzv8izO
xvXaz7o-MvPk7lJAbN-MSoX0jOJFLn_U73Y'e[0m
e[31mAn unexpected error occurred:e[0m
e[31mpywintypes.error: (1307, 'SetFileSecurity', '這個安全性識別碼不能被指派給這
個物件的擁有者。')e[0m
Ask for help or search for solutions at https://community.letsencrypt.org. See t
he logfile C:\Certbot\log\letsencrypt.log or re-run Certbot with -v for more det
ails.
My web server is (include version):I don't know
The operating system my web server runs on is (include version):Windows Server 2012 R2
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Your site appears to be using IIS, I would suggest the easiest thing to do is use Certify The Web (https://certifytheweb.com) or win-acme (https://www.win-acme.com/) to get your certificate and apply it to IIS.
The error you are seeing is because certbot is not running with elevated privileges so can't write to the wwwroot path. You can start a command prompt as Administrator to solve this but the certificate you get using certbot will not be applied to IIS without several more manual steps (or your own scripting) as certbot is mostly designed to work with Apache/nginx etc.
To complete the http challenge IIS still needs to be configured to serve extensionless text files and to be able to use the resulting certificate it still needs to be stored in the local machine certificate store and the IIS https bindings updated. The above linked apps can do this automatically.