Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: workfolders.tundrarum.co.za
I ran this command: le64.exe -key account.key -csr domain.csr -csr-key domain.key -crt domain.crt -domains "workfolders.tundrarum.co.za" -path .\ -live
It produced this output:
[ Crypt::LE client v0.38 started. ]
Loading an account key from account.key
Loading a CSR from domain.csr
Registering the account key
The key is already registered. ID: 296083230
Current contact details: email@example.com
Successfully saved a challenge file './RE2kdsNPJAKZpKvAPhYg2et0gfQ7NYaTiyvxMEZ-17w' for domain 'workfolders.tundrarum.co.za'
Domain verification results for 'workfolders.tundrarum.co.za': error. Fetching http://workfolders.tundrarum.co.za/.well-known/acme-challenge/RE2kdsNPJAKZpKvAPhYg2et0gfQ7NYaTiyvxMEZ-17w: Timeout during connect (likely firewall problem)
Challenge file './RE2kdsNPJAKZpKvAPhYg2et0gfQ7NYaTiyvxMEZ-17w' has been deleted.
All verifications failed
My web server is (include version): IIS HWC for WorkFolders
The operating system my web server runs on is (include version): Windows Server 2019
My hosting provider, if applicable, is: Self-Host
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you're using Certbot): LE client v0.38
I'm having a problem with the challenge. How do I automate the renewal? It is not a normal website IIS, it is a hostable web core and doesn't provide a normal web interface. If I use a DNS challenge each time, I can't automate the renewal as I have to update O365 DNS TXT records. I thought the account key and CSR were supposed to work around that after the first use