Remove a certificate on Windows 2016 Server


#1

I issued a LetsEncrypt cert for the domain webwellprofits.com on IIS. Later on, I needed a wildcard cert and LetsEncrypt didn’t support them yet, so I had to purchase one.

Now I can’t get LetsEncrypt to quit trying to renew the old cert. I can’t find where to remove it from the scheduled task that kicks off to renew.

When it attempts to renew and fails, it removes my wildcard cert from the site. Then I have to manually go in and specify the wildcard cert again.

This site is running on Windows Server 2016.

How do I stop it?


#2

There should probably be a scheduled task for that:

start
run
taskschd.msc


#3

There is a scheduled task. It needs to keep running to renew the other certificates on the server.

I don’t know how to remove just this one from the task list. I don’t see it in the task.


#4

What is/are the action(s) of the task?


#5

The action is Start a Program.
The parameters are: --renew --baseuri “https://acme-v01.api.letsencrypt.org/


#6

Hi @psherwood

Letsencrypt supports wildcard certificates if you have a client that supports the v2.

So this isn’t a reason to buy a certificate.

Perhaps you should use another client.


#7

What program is it starting? Ultimately, you’re going to need to check the documentation for the client you’re using about how to remove a certificate from its list to renew. But folks can’t help point you to that documentation until we can figure out what client you’re actually using.

@JuergenAuer is also correct that you can now get wildcard certs from Let’s Encrypt. However, it requires using DNS validation which you may or may not be ready to use depending on the client you pick, your DNS provider, and the client’s available plugins.


#8

I needed the cert before LetsEncrypt supported them. This was last year sometime that I purchased it.


#9

The program the task is starting is:
C:\Letsencrypt\letsencrypt.exe


#10

There may be a configuration fil in the C:\Letsencrypt folder that may explain this behavior.


#11

There’s an XML file in the folder but it just has some LetsEncrypt settings. Nothing about the certificates.


#12

programming : C:\Letsencrypt


#13

Found that I can remove the site in HKEY_CURRENT_USER\SOFTWARE\letsencrypt-win-simple\https://acme-v01.api.letsencrypt.org/.

Also found that if I update to the latest LetsEncrypt, canceling a renewal is now an option. Sweet!


#14

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.