Renew certificate by using custom script for DNS Azure validation

Hey,

I have written a custom script with the command wacs.exe --renew --baseuri "https://acme-v02.api.letsencrypt.org/" while validation is happening through Azure DNS, so I am getting output like:
[INFO] A simple Windows ACMEv2 client (WACS)
[INFO] Software version 2.0.6.284 (RELEASE)
[INFO] IIS version 10.0
[INFO] Please report issues at https://github.com/PKISharp/win-acme

[INFO] Renewal for DNS_Point2value is due after 2020/1/1 0:55:38

But when I renew with the win-acme exe itself, I get output like this :slight_smile:
[INFO] Authorize identifier: point2value.com
[INFO] Cached authorization result: valid
[INFO] Authorize identifier: point2value.com
[INFO] Cached authorization result: valid
[WARN] Unable to read from certificate cache
[WARN] Unable to read from certificate cache
[INFO] Requesting certificate DNS_Point2value
[INFO] Installing certificate in the certificate store
[INFO] Adding certificate DNS_Point2value 2019/11/7 0:55:37 to store WebHosting
[INFO] Installing with None…
[INFO] Next renewal scheduled at 2020/1/1 0:55:38
[INFO] Renewal for DNS_Point2value succeeded

So is there something I am missing in the command which I am using in the custom script?
My domain is: *.point2value.com, point2value.com

What is the problem? By all accounts, it has issued a certificate for *.point2value.com + point2value.com: https://crt.sh/?id=2077991991

If you are confused by:

The reason you don’t see the wildcard there comes down to how wildcard domains are handled by Let’s Encrypt. Even though you are requesting a certificate for *.point2value.com, the DNS identifier that is used to authorize that request is point2value.com.


Actually, that is not the problem. When I run the renew command externally I get a different response, and I cannot see any new entry in the renewal history.

I’m having a hard time understanding what the issue is still :frowning: .

When you run wacs.exe --renew inside your script, is the problem that it doesn’t do any renewal and just produces:

[INFO] Renewal for DNS_Point2value is due after 2020/1/1 0:55:38

I think that would be the correct behavior, since --renew only performs renewal if necessary, otherwise it does nothing.

Or am I still misunderstanding?

For http-01 validation it is working fine, but for dns-01 I am getting this:

[VERB] Arguments: --renew --verbose
[DBUG] Config folder: C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org
[DBUG] Certificate cache: C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Certificates
[VERB] Settings SettingsService {ConfigPath="C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org", CertificatePath="C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Certificates", ClientNames=["win-acme", "win-acme"], RenewalDays=55, HostsPerPage=50, ScheduledTaskRandomDelay=00:00:00, ScheduledTaskStartBoundary=09:00:00, ScheduledTaskExecutionTimeLimit=02:00:00}
[VERB] Sending e-mails False
[DBUG] Renewal period: 55 days
[VERB] Checking renewals
[DBUG] Loading signer from C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Signer_v2
[DBUG] Send GET request to https://acme-v02.api.letsencrypt.org/directory
[DBUG] Send HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce
[DBUG] Loading account information from C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Registration_v2
[VERB] Checking DNS_Point2value
[INFO] Renewal for DNS_Point2value is due after 2020/1/1 1:04:02

So the point is: if you are using the custom script, you will be able to renew the certificate only after 55 days, not before, because the certificate expires in 90 days; otherwise you have to use --force in the command.
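A small check that can be run over the output of a scheduled wacs.exe --renew job, added here as an example (it is not win-acme's own code, and it assumes only the log line formats quoted in this thread): it computes the due date as issue date + RenewalDays, separates runs that renewed from runs that were skipped as "not yet due", and flags the one case worth alerting on, a skip whose due date has already passed.

```python
import re
from datetime import datetime, timedelta

# Constructed samples modelled on the win-acme lines quoted in this thread.
RENEWED_LOG = """\
[DBUG] Renewal period: 55 days
[INFO] Adding certificate DNS_Point2value 2019/11/7 0:55:37 to store WebHosting
[INFO] Next renewal scheduled at 2020/1/1 0:55:38
[INFO] Renewal for DNS_Point2value succeeded
"""
SKIPPED_LOG = """\
[DBUG] Renewal period: 55 days
[VERB] Checking DNS_Point2value
[INFO] Renewal for DNS_Point2value is due after 2020/1/1 0:55:38
"""

DATE_FMT = "%Y/%m/%d %H:%M:%S"          # win-acme prints unpadded month/day/hour
CERT_LIFETIME = timedelta(days=90)      # Let's Encrypt certificate validity
PERIOD_RE = re.compile(r"Renewal period: (\d+) days")
DUE_RE = re.compile(r"Renewal for (\S+) is due after (\d+/\d+/\d+ \d+:\d+:\d+)")
OK_RE = re.compile(r"Renewal for (\S+) succeeded")


def renewal_due(issued: datetime, renewal_days: int = 55) -> datetime:
    """Earliest time a plain --renew will act: issue time + RenewalDays."""
    return issued + timedelta(days=renewal_days)


def days_until_expiry(issued: datetime, now: datetime) -> int:
    """Whole days of validity left on a 90-day certificate issued at `issued`."""
    return (issued + CERT_LIFETIME - now).days


def classify_run(log: str, now: datetime) -> dict:
    """Interpret one --renew run. 'overdue' lists renewals the client reported
    as not yet due even though the due date is already in the past; that is the
    case a monitoring job should alert on, since nothing will renew them."""
    result = {"renewal_days": 55, "succeeded": [], "not_due": {}, "overdue": []}
    for line in log.splitlines():
        if m := PERIOD_RE.search(line):
            result["renewal_days"] = int(m.group(1))
        elif m := OK_RE.search(line):
            result["succeeded"].append(m.group(1))
        elif m := DUE_RE.search(line):
            due = datetime.strptime(m.group(2), DATE_FMT)
            result["not_due"][m.group(1)] = due
            if now > due:
                result["overdue"].append(m.group(1))
    return result
```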