Hi all,
I have been generating certificates using WinCertes and Let's Encrypt for quite some time (on this server) without issue, however when I went to use it today (I run a batch file) it seems to time out and fail after a few minutes.
It's like it can't reach the Let's Encrypt server, or doesn't receive the response.
I run the command "as administrator".
I've turned off the Windows Firewall.
I deleted my existing credentials in the registry, however now I get a "failed to register account ..." error.
I don't believe I have changed anything on the server since the last time I generated a certificate.
I ran this command: WinCertes.exe -e admin@farmxl.com.au -d www.farmxl.net -d farmxl.net -d www.farmxl.com.au -d farmxl.com.au -b "farmxl.com.au" -w"C:\inetpub\wwwroot\farmxl.com.au"
It produced this output: Failed to register account admin@farmxl.com.au with certificate authority https://acme-v02.api.letsencrypt.org/directory: A task was canceled.
Could not register ACME service account
My web server is (include version): IIS 10.0.17763.1
The operating system my web server runs on is (include version): Windows Server 2019
My hosting provider, if applicable, is: AWS EC2
I can login to a root shell on my machine (yes or no, or I don't know): Yes
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): WinCertes 1.4.3
Yep same error again.
This is very weird. I'm guessing it's probably something simple, but for the life of me can't figure out what it is.
What ports need to be open? Just 80 and 443?
Yeah, to register an account, WinCertes.exe needs outbound port 443 access.
It's a bit unfortunate that the error from WinCertes doesn't distinguish between being unable to fetch that directory URL, and being unable to actually submit the registration request.
I would blame Windows Firewall but you say that it's off so...
Are you using any kind of proxy for internet access? The 'a task was cancelled' bit just means that the operation timed out, so I'd guess that takes about 20 seconds to happen. Your test in Chrome indicates you can get to the API just fine, so unless you have a specific Windows Firewall rule for WinCertes I think you might need to just restart the machine.
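
The checks suggested in the replies above (proxy settings, outbound port 443, fetching the directory URL), as an added PowerShell sketch that is not part of the thread or of WinCertes. It times each step separately so a timeout can be attributed to the proxy, the TCP connection, the directory fetch, or the first ACME request; the helper name `Test-Step` and the 30-second timeouts are assumptions chosen for this example.

```powershell
# Added diagnostic example (not WinCertes code). Run in PowerShell on the affected server.
$DirectoryUrl = 'https://acme-v02.api.letsencrypt.org/directory'   # URL from the error message
$AcmeHost     = ([Uri]$DirectoryUrl).Host
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

# Hypothetical helper: run one check, record success, duration and detail.
function Test-Step {
    param([string]$Name, [scriptblock]$Action)
    $sw = [Diagnostics.Stopwatch]::StartNew()
    try   { $detail = & $Action; $ok = $true }
    catch { $detail = $_.Exception.Message; $ok = $false }
    [pscustomobject]@{
        Step    = $Name
        Ok      = $ok
        Seconds = [math]::Round($sw.Elapsed.TotalSeconds, 1)
        Detail  = $detail
    }
}

$results = @()

# 1. Is a proxy configured? WinHTTP and the per-user system proxy can differ,
#    which is one way a browser can work while a command-line client times out.
$results += Test-Step 'WinHTTP proxy' { (netsh winhttp show proxy | Out-String).Trim() }
$results += Test-Step 'System proxy' {
    $p = [Net.WebRequest]::GetSystemWebProxy().GetProxy([Uri]$DirectoryUrl)
    if ($p.Host -eq $AcmeHost) { 'direct (no proxy)' } else { "via $p" }
}

# 2. Raw outbound TCP 443 to the ACME host.
$results += Test-Step 'TCP 443' {
    $t = Test-NetConnection -ComputerName $AcmeHost -Port 443 -WarningAction SilentlyContinue
    if (-not $t.TcpTestSucceeded) { throw "cannot connect to ${AcmeHost}:443" }
    "connected to $($t.RemoteAddress)"
}

# 3. Fetch the directory document; on success Detail holds its newNonce URL.
$dirStep = Test-Step 'GET directory' {
    (Invoke-RestMethod -Uri $DirectoryUrl -TimeoutSec 30).newNonce
}
$results += $dirStep

# 4. HEAD newNonce: the request an ACME client makes before registering. Creates no account.
if ($dirStep.Ok) {
    $results += Test-Step 'HEAD newNonce' {
        $r = Invoke-WebRequest -Uri $dirStep.Detail -Method Head -UseBasicParsing -TimeoutSec 30
        'Replay-Nonce present: ' + [bool]$r.Headers['Replay-Nonce']
    }
}

$results | Format-List
```

A step that fails with a timeout after roughly its full `-TimeoutSec` points at dropped traffic (security group, network ACL, proxy), while an immediate failure points at DNS or a local block.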