List of certificates on Windows keeps growing

I have created my certificates through win-acme with auto-renewal.
Now the problem I have is that over time more and more certificates seem to be added to the Windows Certificate Store. I have no idea which one I should use now and which ones I can delete, because all are configured with an expiration in the future.
When I check out the SAN property they all hold the same domain values, EXCEPT a single one that contains more domains, which is the one with friendly name [Manual] (which I find a confusing name since I thought I had set auto-renewal to true).

Also, I'm unsure where parts of that friendly name are coming from (I think win-acme) and whether they hold any deeper meaning: [IIS] (any site), [Manual], [IIS] hw (+3 others). What is really weird about that, in my opinion, is that [IIS] (any site) contains a list of domain names in the friendly URL that are not in the SAN field of that certificate, e.g. ftp.example.com is listed in the friendly name but not in SAN.

What is the logic behind the friendly names and why are so many certificates created?

See the list here:

This is a question for the win-acme folks, I'm afraid, as it has almost nothing to do with Let's Encrypt itself. It does seem like you have a misconfiguration (renewing every day is pretty unusual) and you should consider checking if there are multiple scheduled tasks for win-acme (and possibly for other older versions). It looks to me like you may have the same certificate renewal configured multiple times in slightly different ways. I unfortunately have no idea what certificate cleanup win-acme has but I assume it does have something.

You can ask specific win-acme questions here: Issues · win-acme/win-acme · GitHub

2 Likes
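
One way to carry out the check suggested in the answer above, as an added example that is not part of the original thread or of win-acme: a read-only PowerShell inventory that groups the stored certificates by their name set, flags which thumbprints IIS has bound, and lists scheduled tasks that launch an ACME client. The two store names, the `*acme*` task-name filter and the `wacs`/`letsencrypt` executable match are assumptions.

```powershell
# Added example: read-only inventory, run from an elevated PowerShell prompt.
# Assumption: the certificates are in LocalMachine\My or LocalMachine\WebHosting.
$stores = 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\WebHosting'

# Thumbprints currently bound to IIS HTTPS sites (skipped if IIS tooling is absent).
$bound = @()
if (Get-Module -ListAvailable -Name WebAdministration) {
    Import-Module WebAdministration
    $bound = @(Get-WebBinding -Protocol https | ForEach-Object { $_.certificateHash })
}

$certs = foreach ($store in $stores) {
    if (-not (Test-Path $store)) { continue }
    Get-ChildItem -Path $store | ForEach-Object {
        [pscustomobject]@{
            Store        = ($store -split '\\')[-1]
            FriendlyName = $_.FriendlyName
            NotBefore    = $_.NotBefore
            NotAfter     = $_.NotAfter
            Thumbprint   = $_.Thumbprint
            BoundInIIS   = $bound -contains $_.Thumbprint
            # DnsNameList is added by the Cert: provider (SAN DNS names plus subject CN).
            Names        = ($_.DnsNameList.Unicode | Sort-Object -Unique) -join ','
        }
    }
}

# Group certificates that cover exactly the same host names, newest first.
$certs | Group-Object Names | Sort-Object Count -Descending | ForEach-Object {
    "`n{0} certificate(s) for: {1}" -f $_.Count, $_.Name
    $_.Group | Sort-Object NotBefore -Descending |
        Format-Table Store, FriendlyName, NotBefore, NotAfter, BoundInIIS, Thumbprint -AutoSize
}

# Scheduled tasks that launch an ACME client. Assumption: the task name contains
# "acme" or the action runs wacs.exe / letsencrypt.exe.
Get-ScheduledTask | Where-Object {
    $_.TaskName -like '*acme*' -or (($_.Actions.Execute -join ' ') -match 'wacs|letsencrypt')
} | ForEach-Object {
    [pscustomobject]@{
        TaskName  = $_.TaskName
        TaskPath  = $_.TaskPath
        Execute   = $_.Actions.Execute -join '; '
        Arguments = $_.Actions.Arguments -join '; '
        State     = $_.State
    }
} | Format-List
```

Several groups with near-identical name sets, or more than one task in the second listing, would match the duplicate-renewal situation the answer describes; the `NotBefore` spacing within a group shows how often each renewal is actually firing.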
