Installing a new Windows server and using existing certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: carritech.com

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version): Ubuntu v22

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot

Hello,
Someone set up a certificate on our existing Ubuntu webserver. I cannot get hold of him at the moment and we need to install a certificate on a new Windows 2019 server, as well as keep the existing server as is.

Can I use the same certificate? I cannot see information on what action to take. If I can use the same, where do I get the cert from? I looked in etc/letsencrypt/live but the folder is locked. Is this where I get the information?

I am using some software on the Windows server which is asking for the following information to be able to install the certificate:

SSL certificate
original keystore/private key
Keystore password

Will I be able to retrieve this information from my current server?

Thank you for reading this far, I would appreciate any pointers.

Cheers
Bonus

1 Like

It's likely possible, but unnecessary--just create a new cert on the Windows server. See:

4 Likes

Hello and thank you for your message.

I have managed to install certbot and follow the process but it is failing. I have installed IIS to check that port 80 reaches the server. I then stop IIS and run the certbot command:

certbot certonly --standalone

This is the error:
The Certificate Authority failed to download the challenge files from the temporary standalone webserver started by Certbot on port 80. Ensure that the listed domains point to this machine and that it can accept inbound connections from the internet.

Those two points are true, as I have tested with IIS server.

Is there anything else that could be stopping it?

Thanks

1 Like

Here is a list of issued certificates, crt.sh | carritech.com, the latest being 2023-01-09.
Common Name (CN): www.carritech.com
Matching Identities (SANs): www.carritech.com

So www.carritech.com is in the certificates, carritech.com is not in the certificate.
(Which is fine if that is what you are trying to achieve or desire)

And SSL Server Test: www.carritech.com (Powered by Qualys SSL Labs) shows the certificate from 2023-01-09 being served.

1 Like

Please show the log file created by certbot.
The fact that IIS ran on port 80 doesn't imply that certbot was able to use port 80.
It should have...
But it might have had some trouble doing so.
[only the logs can tell us what went wrong with the last certbot run]

2 Likes

On your Windows Server, which web server software are you going to use (IIS, Apache etc)?

Is the Windows server going to serve the exact same website and if so is it live or are you still just setting it up? If your DNS doesn't yet point to that server then http validation isn't going to work.

If planning to use IIS then I would suggest that you just use https://certifytheweb.com, which I happen to develop (other tools are available, this one is optimized for Windows/IIS). In the app click New Certificate, select your IIS site, check the expected domains are listed for inclusion on the cert, click request certificate. This will only work if your domain DNS is pointing to the Windows server, otherwise you need to use DNS validation (which creates a TXT record in your DNS for validation).

4 Likes
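The two conditions raised in the replies above (port 80 must actually be free for certbot's standalone server, and the domain's DNS must point at the new Windows server) can be checked before running `certbot certonly --standalone`. This is an added example, not part of any post in the thread; the domain and IP defaults are placeholders, and the function names `Test-PortOwner` and `Test-DnsTarget` are hypothetical.

```powershell
# Pre-flight checks for HTTP validation with `certbot certonly --standalone`.
# Assumptions: $ExpectedIp is the public address whose port 80 reaches this
# server. Both defaults below are placeholders; pass your own values.
param(
    [string[]]$Domains    = @('www.example.com'),
    [string]  $ExpectedIp = '203.0.113.10'
)

function Test-PortOwner {
    param([int]$Port = 80)
    # Any listener left on the port prevents the standalone server from binding.
    # A listener owned by PID 4 (System) is typically the kernel HTTP driver
    # (http.sys), which can keep the port even after the IIS site is stopped.
    $listeners = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
    foreach ($l in $listeners) {
        $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            LocalAddress = $l.LocalAddress
            Port         = $l.LocalPort
            OwnerPid     = $l.OwningProcess
            Process      = if ($proc) { $proc.ProcessName } else { 'unknown' }
        }
    }
}

function Test-DnsTarget {
    param([string]$Name, [string]$Expected)
    # Keep only answers that carry an address (CNAME records have none).
    $ips = @(Resolve-DnsName -Name $Name -Type A -ErrorAction SilentlyContinue |
             Where-Object { $_.IPAddress } |
             ForEach-Object { $_.IPAddress })
    [pscustomobject]@{
        Name       = $Name
        Resolved   = $ips -join ', '
        PointsHere = $ips -contains $Expected
    }
}

$busy = @(Test-PortOwner -Port 80)
if ($busy.Count -gt 0) {
    'Port 80 is still in use:'
    $busy | Format-Table -AutoSize
} else {
    'Port 80 is free for the standalone server.'
}

$Domains | ForEach-Object { Test-DnsTarget -Name $_ -Expected $ExpectedIp } |
    Format-Table -AutoSize
```

If `PointsHere` is false, the name still resolves to another machine and HTTP validation requests will go there, which is the case where DNS validation is needed instead.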
