Problem renewing

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: t7.vc

I ran this command: certbot renew (and others like it like trying to specify a webroot)

It produced this output: C:\windows\system32>certbot renew
Saving debug log to C:\Certbot\log\letsencrypt.log

Processing C:\Certbot\renewal\leat.xyz.conf

Renewing an existing certificate for leat.xyz and 3 more domains
Failed to renew certificate leat.xyz with error: Missing command line flag or config entry for this setting:
Input the webroot for leat.xyz:

All renewals failed. The following certificates could not be renewed:
C:\Certbot\live\leat.xyz\fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile C:\Certbot\log\letsencrypt.log or re-run Certbot with -v for more details.

My web server is (include version): nodejs

The operating system my web server runs on is (include version): windows 10

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 1.24.0

Did you do this?

certbot renew --cert-name leat.xyz -w /path/to/webroot

Please show:

Did you modify that file at any point?

When using nodejs the (-w webroot) is just where the server script resides? I tried:

certbot -v renew --cert-name leat.xyz -w D:\Server
Saving debug log to C:\Certbot\log\letsencrypt.log

Processing C:\Certbot\renewal\leat.xyz.conf

Certificate is due for renewal, auto-renewing...
Plugins selected: Authenticator webroot, Installer None
Renewing an existing certificate for leat.xyz and 3 more domains
Performing the following challenges:
http-01 challenge for leat.xyz
http-01 challenge for t7.vc
http-01 challenge for www.leat.xyz
http-01 challenge for www.t7.vc
Using the webroot path D:\Server for all unmatched domains.
Cleaning up challenges
Encountered exception during recovery: FileNotFoundError: [WinError 3] The system cannot find the path specified: 'D:\Server\.well-known\acme-challenge\wy9fp5Qns46m3B-Jo3B8vBUMAfmC87jvD_Z1EMnx2tw'
Failed to renew certificate leat.xyz with error: (1307, 'SetFileSecurity', 'This security ID may not be assigned as the owner of this object.')

All renewals failed. The following certificates could not be renewed:
C:\Certbot\live\leat.xyz\fullchain.pem (failure)

1 renew failure(s), 0 parse failure(s)
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile C:\Certbot\log\letsencrypt.log or re-run Certbot with -v for more details.

No, I went in and looked at it is all.

No idea if nodejs even has the concept of a webroot. How did you get the certificate the first time?

I will repeat myself [only once]:

# renew_before_expiry = 30 days
version = 1.24.0
archive_dir = C:\Certbot\archive\leat.xyz
cert = C:\Certbot\live\leat.xyz\cert.pem
privkey = C:\Certbot\live\leat.xyz\privkey.pem
chain = C:\Certbot\live\leat.xyz\chain.pem
fullchain = C:\Certbot\live\leat.xyz\fullchain.pem
# Options used in the renewal process
[renewalparams]
account = dbfa6939cc229632eaf998906c089039
authenticator = webroot
server = https://acme-v02.api.letsencrypt.org/directory

I see:

But it seems to be missing the webroot directory path.

Yeah I think I'm going to end up having to make a new one as it expires in a few days and I can't figure that part out.

What is the webroot path for that site?
It seems to be trying: D:\Server

That is where the the server resides yes. But there is no .well-known directory maybe I deleted it on accident?

Try recreating the challenge path and add a test file there:
mkdir D:\Server\.well-known
mkdir D:\Server\.well-known\acme-challenge
echo "test-file-1234" > D:\Server\.well-known\acme-challenge\Test_File-1234

Then we can try accessing it from the Internet:
http://leat.xyz/.well-known/acme-challenge/Test_File-1234

Done. But I don't have that path available in my nodejs sever code and so I get "Cannot GET /.well-known/acme-challenge/Test_File-1234" should I make that path public?

It sounds like it should be made public [via HTTP].

Done I think its public now. -> http://leat.xyz/.well-known/acme-challenge/Test_File-1234

I get:

curl http://leat.xyz/.well-known/acme-challenge/Test_File-1234
Found. Redirecting to https://leat.xyz/.well-known/acme-challenge/Test_File-1234

ACME challenge request don't need to be secure - no need to redirect them to HTTPS.
And the https redirection returns nothing.

Hmm odd. I removed the redirect of http to https and tested the link on my cell data and it is working now I hope. When you say "ACME challenge request don't need to be secure" do you mean they cannot be or just don't need to be. Thank you for all this help btw!

The HTTP challenges are made to HTTP so should be handled there. There is no need to redirect them to HTTPS although as long as your HTTPS is setup properly it will work. Details about redirects are here:

Thanks again, after I set that up I was able to renew the certs with

certbot renew --webroot -w D:\Server\