Renewal Failure Notice: Certify Certificate Manager 5.5.5.0 is Significantly Out of Date, but the Version on the Server is 6.0.18.0 and the Certificate Has Been Renewed Successfully

I continuously keep receiving emails about the failure of the renewal and that the Certify Certificate Manager (CCM) version 5.5.5.0 is significantly out of date. However, the CCM version installed on my server is 6.0.18.0, and the domain has been successfully renewed. Why am I still receiving these outdated renewal failure notices, and how can I resolve this discrepancy?

Details:

• Current CCM Version: 6.0.18.0
• Domain: gemo.gabservizi.it
• Server: CLD-2A460D-03
• Issue: Received renewal failure notice despite successful renewal and updated software
• Web Server Version: IIS 1607
• Operating System: Windows Server 2016 Datacenter
• Hosting Provider: Cloudfire (Italian private provider)
• Control Panel: Certify Certificate Manager 6.0.18.0

Logs:

Here are the latest logs from the renewal process:

less

Copia codice

2024-06-22 17:25:52.239 +02:00 [INF] ---- Beginning Request [gemo] ----
2024-06-22 17:25:52.241 +02:00 [INF] Certify/6.0.18.0 (Windows; Microsoft Windows NT 10.0.14393.0)
2024-06-22 17:25:52.241 +02:00 [INF] Beginning certificate request process: gemo using ACME provider Anvil
2024-06-22 17:25:52.241 +02:00 [INF] The selected Certificate Authority is: Let's Encrypt
2024-06-22 17:25:52.241 +02:00 [INF] Requested identifiers to include on certificate: gemo.gabservizi.it [dns];www.gemo.gabservizi.it [dns]
2024-06-22 17:25:52.871 +02:00 [INF] Created ACME Order: https://acme-v02.api.letsencrypt.org/acme/order/101859937/280709843297
2024-06-22 17:25:53.154 +02:00 [INF] Order is ready and valid. Auth challenges will not be re-attempted.
2024-06-22 17:25:53.155 +02:00 [INF] [Progress] Order authorizations already completed.
2024-06-22 17:25:53.155 +02:00 [INF] Resuming certificate request using CA: Let's Encrypt
2024-06-22 17:25:53.155 +02:00 [INF] [Progress] Requesting certificate via Certificate Authority
2024-06-22 17:25:57.287 +02:00 [INF] [Progress] Completed certificate request.
2024-06-22 17:25:57.298 +02:00 [INF] [Progress] Performing automated certificate binding
2024-06-22 17:25:58.539 +02:00 [INF] Completed certificate request and automated binding updates
2024-06-22 17:25:58.540 +02:00 [INF] [Progress] New certificate received and standard deployment performed OK.

My domain is: gemo.gabservizi.it

My web server is (include version): IIS 1607

The operating system my web server runs on is (include version): Windows Server 2016 Datacenter

My hosting provider, if applicable, is: Cloudfire (Italian private provider)

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Certify Certificate Manager 6.0.18.0

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Question:

Given that the certificate renewal was successful and the Certify Certificate Manager is updated, why am I still receiving outdated renewal failure notices? How can I resolve this discrepancy and prevent similar notifications in the future?

Any insights or advice would be greatly appreciated!

The best place to ask Certify The Web questions is on our dedicated support community: https://community.certifytheweb.com/

If you are a licensed customer you can ask privately for support via support {at} certifytheweb.com and we can look up notifications our system is sending you once we know your email address.

By default that app will send status reports to our (certifytheweb.com) API so that if you get repeated renewal failures we can send you a notification. There's an outside chance you could get [an old] notification if we previously failed to receive your status report and it went into our pending items message queue then got processed later but I've never seen that happen more than a few minutes late.

It sounds like you are saying there have been days or weeks since you upgraded so let's investigate that. Based on the status reports in our database we received a report from version 5.5.5 on "2024-06-30 19:50:38.964357+00" but we also got reports from the "same" server earlier that day using version 6.0.18 (for different domains). I can confirm that the only status report we have matching that domain is shown as a failed renewal (the http 404 error suggests that the domain is pointing to the IP of a different machine, e.g. not the one running certify).

I doubt that you have downgraded the app so I suspect that you have at some point cloned/copied a server and kept the same machine name, so check your list of running virtual machines. I can see status reports for about 6 different installs all reporting from ACME accounts with a couple of different gabtamagnini.it email addresses.

If you don't want notifications of failed renewals at all (and/or don't want to send status reports to our API or reporting dashboard) then you can disable status reporting under Settings in the app.

Either way, this is not a Let's Encrypt problem and if you want to email us about it directly instead of discussing it here please do.

As a follow up I can confirm that we have no pending messages in our status reporting queue so it's not possible for you to receive any further outdated messages if that was the cause. Any future status reports we get are coming directly from your app installs on your servers/machines and if there is still a version mismatch then we would need to help you investigate that further (incomplete installation upgrade, VMs running you don't know about etc).

After a further investigation I've found that someone did a server backup on another VM some months ago, so as you have pointed out the issue was in that cloned server, after disabling the service on it, the issue seems to be resolved.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.