Initial connection failed, win-acme.v2.2.9.1701

We use win-acme on a Server 2012 R2.
The certificate that expired today could not be renewed.
When we start the ACME client we get the message “Initial connection failed”. The website “https://acme-v02.api.letsencrypt.org/” is pingable and accessible via a tracert. However, the page cannot be reached in Internet Explorer.
This means that we cannot request a new certificate.
We have been using this service for a few years.
There have been no changes, as the system is no longer supplied with updates anyway.
What can we check?

The Let's Encrypt API servers (without any notice) in May changed to use an ECDSA key instead of an RSA one. Your system probably doesn't have those cipher suites enabled.

There are these threads from a different Windows client, with some additional information:

Of course, if you're not getting security updates anyway, then even if you can get a certificate then you shouldn't be considering your connections "secured".

If you can't enable those cipher suites, you may be better off switching to another CA; there are several others that are also free and use ACME and should be relatively straightforward to switch to.

5 Likes
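A read-only check for the cause suggested in the answer above, as an added example (not from the thread or from the win-acme project): it lists the Schannel cipher suites configured on the host and reports whether any ECDHE_ECDSA suite is among them. It assumes the standard Schannel registry locations for the Group Policy and default suite order; the function names are hypothetical.

```powershell
# Added example: does Schannel on this host offer any ECDHE_ECDSA cipher suite?
# Read-only; written for hosts without Get-TlsCipherSuite (e.g. Server 2012 R2).

# Assumed standard Schannel locations for the configured cipher suite order.
$policyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002'
$defaultKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002'

function Get-SuiteList([string]$Key) {
    # 'Functions' may be one comma-separated string (policy) or a
    # multi-string value (default); normalise both to a clean array.
    $item = Get-ItemProperty -Path $Key -Name Functions -ErrorAction SilentlyContinue
    if (-not $item) { return @() }
    return @($item.Functions | ForEach-Object { $_ -split ',' } |
             ForEach-Object { $_.Trim() } | Where-Object { $_ })
}

function Test-EcdsaSuites([string[]]$Suites) {
    # A server presenting only an ECDSA certificate can be reached over
    # TLS 1.2 only if the client offers at least one ECDHE_ECDSA suite.
    $ecdsa = @($Suites | Where-Object { $_ -match '^TLS_ECDHE_ECDSA_' })
    New-Object psobject -Property @{
        Total       = @($Suites).Count
        EcdsaSuites = $ecdsa
        HasEcdsa    = ($ecdsa.Count -gt 0)
    }
}

# A suite order set by Group Policy replaces the system default order.
$policy = @(Get-SuiteList $policyKey)
if ($policy.Count -gt 0) {
    $source = 'Group Policy'
    $effective = $policy
} else {
    $source = 'system default'
    $effective = @(Get-SuiteList $defaultKey)
}

$result = Test-EcdsaSuites $effective
"Suite order source : $source"
"Suites configured  : $($result.Total)"
if ($result.HasEcdsa) {
    "ECDHE_ECDSA suites present:"
    $result.EcdsaSuites | ForEach-Object { "  $_" }
} else {
    "No ECDHE_ECDSA suite is configured; a handshake with an ECDSA-only server will fail."
}
```

Run it from an elevated PowerShell prompt on the affected server; it changes nothing and only prints the configured list.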

The link worked for us. Thank you very much.

2 Likes