I installed the SAN Certs in July, Should have updated the other day, with the new CERTS.
everything has been working great, until the renewal process.
There is NO registry KEY for it, of which I read that there was not going to be on future releases.
So, what is happening?
Same User and Password exist as it did when the system was set up.
Additional information provided below.
As the cert already expired (3 days ago)...
It may be a little late to renew it.
That said, do you recall how you issued the cert back in July?
You might be able to replicate those steps and buy 90 more days to figure out the automatically renewals.
If LetsEncrypt-Auto (for Windows) is like LE64.exe, then you might need to include which domains you want to renew.
Like (wrapped for legibility): LE64.exe --key my.domain.account.private.key --csr one.time.csr --csr-key my.domain.private.key --crt my.domain.public.key --domains "my.domain.tld" --path "c:\wherever\.well-known\acme-challenge" --generate-missing --unlink --live --email "your.email@address" --renew 30
And you would call it once for each certificate that you would like to renew.
(which is the exact same command I use to issue certs + “–renew 30”)
I followed a step-by-step guide on some website that I THOUGHT I had saved.
But I cannot find it in my Server/SSL favorites.
I really wish i could remember everything I did back then.
But I have had so much stuff go on, like having to re-install a 7 VM Server farm last month that took all my brain power I had left…
I will post back my findings.
Also.
Do you know WHY it would not have updated on its own?
The scheduler does a daily check at 9 AM, and it missed it?
My guess it that “letsencrypt-auto renew” is not enough to get it to work and needs more specific details.
But I haven’t used “letsencrypt-auto” on Windows.
You might want to rename this topic (or open another topic on):
How to renew using LetsEncrypt-Auto on Windows
(or something like that, should get the right attention)
Figured out issue, which caused the renew not to go through.
When I had to reinstall the VM Forest, I forgot to add into the NIC the outside NS, which I use Googles. 8.8.8.8
Once I added that in, it all went to working.
Now, I just have to get past the authentication, without getting to many fails.
Of which I just did.
So, I have to wait a while before I can get this completed.
I could have sworn there was a way to get a list of all the Challenge codes, to create the files with.
But I cannot remember how I go that either.
This is really annoying, I could have sworn I had saved all the information I had from the first time I did this.
It went so dag on smooth. This is becoming a pain in the butt.
But, I will get it, most likely tomorrow.
Got everything taken care of.
So, this was my issue.
I am running a Windows Server Farm, behind IIS ARR.
The SSL Certs are installed on the MAIN Web Server, running behind the ARR.
I then have to attached the SSL Cert to the ARR and to each individual Web Servers from there.
This is what was happening.
The router was pointing to the ARR server, and NOT to the Primary Web Server.
So, it could not update the SSL File on its given date.
However it gave me some errors at the end of the install.
So, there is NO Renewal files to check against.
So, I will most likely have to perform this same action every time.
Which it not a huge deal, since i know what needs to be done now, it will only take about 2-minutes to do the new certs.