The information below is what I get when I run the renewal command from the command line. Everything works fine and browsers are happy with the certs. I've been doing that manual process for years, but I'm trying to do things properly and automate the process. For three months in a row, the automatically generated cert is bad. (It apparently uses a STAGING cert rather than the normal one.)
My fix each time has been to re-run the command manually (with the --force option, since it's shortly after the bad cert was generated) and then everything is fine until the automated task runs again and generates a bad cert.
I don't know what to do to debug this, since (I thought) the automated script is running the same wacs command that the manual command uses.
I want to include screenshots showing what an online SSL checker thinks of the bad (auto-generated) and good (manually generated) certificates, but the system will only allow one embedded image. Here is the bad one
=====================================================================
My domain is: fccnaper.dynalias.org
I ran this command: wacs --renew (or in this case: wacs --renew --force)
It produced this output:
Found 7 files older than 120 days in C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Certificates, enable Cache.DeleteStaleFiles
in settings.json to automatically delete these on each run.
A simple Windows ACMEv2 client (WACS)
Software version 2.2.9.1701 (release, pluggable, standalone, 64-bit)
Connecting to https://acme-v02.api.letsencrypt.org/...
Connection OK!
Scheduled task looks healthy
Please report issues at https://github.com/win-acme/win-acme
Plugin IIS generated source fccnaper.dynalias.org with 1 identifiers
Plugin Single created 1 order
Force renewing [IIS] (any site), (any host)
Using cache for [IIS] (any site), (any host). To get a new certificate within 1 days, run with --nocache.
Store with CertificateStore...
Installing certificate in the certificate store
Replacing certificate [IIS] (any site), (any host) @ 2025/4/4 12:49:53 in store WebHosting
Installing with IIS...
No bindings have been changed while updating site 1
Next renewal due after 2025/4/29 18:03:43
Renewal for [IIS] (any site), (any host) succeeded
Sending e-mail with subject Certificate renewal [IIS] (any site), (any host) completed to peter@fales-lorenz.net
Plugin IIS generated source fccnaper.dynalias.org with 1 identifiers
Plugin Single created 1 order
Force renewing [IIS] Default Web Site, (any host)
Using cache for [IIS] Default Web Site, (any host). To get a new certificate within 1 days, run with --nocache.
Store with CertificateStore...
Installing certificate in the certificate store
Replacing certificate [IIS] Default Web Site, (any host) @ 2025/4/4 12:50:03 in store WebHosting
Installing with IIS...
No bindings have been changed while updating site 1
Next renewal due after 2025/4/29 18:03:45
Renewal for [IIS] Default Web Site, (any host) succeeded
Sending e-mail with subject Certificate renewal [IIS] Default Web Site, (any host) completed to peter@fales-lorenz.net
My web server is (include version): IIS
The operating system my web server runs on is (include version): Windows 10
My hosting provider, if applicable, is: NA
I can login to a root shell on my machine (yes or no, or I don't know): Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Found 7 files older than 120 days in C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Certificates, enable Cache.DeleteStaleFiles
in settings.json to automatically delete these on each run.
A simple Windows ACMEv2 client (WACS)
Software version 2.2.9.1701 (release, pluggable, standalone, 64-bit)