Incannot get more ceerificates


#1

hello i wanted to renew my certificates and it didnt work. Check: https://crt.sh/?q=copterpixx.de

My domain is: copcopterpixx.de and leo-brokate.de

I ran this command: i use certify

It produced this output:https://pastebin.com/CEy7TgDG

My web server is (include version): iis 10

The operating system my web server runs on is (include version): Windows Server 2016

My hosting provider, if applicable, is: -

I can login to a root shell on my machine (yes or no, or I don’t know): -

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): -

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): -


#3

@webprofusion do you agree that it seems like this user appears to have their server’s clock out by around an hour (taking into account Let’s Encrypt’s 1 hour backdating of their certs) ?

Are they able to recover their certificate even though it failed to validate?


#4

Hi, as mentioned by @_az you need to correct the time on your server. You should use an internet time server or other reliable network time server, windows will do this by default with ‘Set time automatically’ enabled.

In this case your certificate request is completing successfully but because your server time is wrong the operations to create the PFX certificate file fail.

Unfortunately this error is occurring within the library that we use so we don’t have the certificate as a file at that point.

You will need to correct the time on your server then wait for the Let’s Encrypt certificate rate limits to clear, which can be up to a week, after that the app will resume the renewal as normal.

By default Certify should be emailing you to say that renewal has failed, perhaps there is a bug here (because the request succeeded but the certificate creation failed).


#5

For future Certify specific support/questions I recommend starting here: https://certifytheweb.com/docs - as I don’t get any alerts etc if you mention Certify on the letsencrypt.org forum.