Renewal not working

ZySurge · February 2, 2017, 8:08pm

A few months ago I was able to fumble my way thru this and get a certificate issued. That certificate expires on 2/12/17. So, I was expecting it to be renewed by now, and I verified that the scheduled task to do so has been running.

So, I ran the task manually to watch the output. It seems to think the cert doesn’t expire until 3/15?

This is running Apache on Windows 2008 R2. Here’s the command I ran and the output from it.

I checked the folder that is listed in the output, and the certificate there expires 2/12.

What am I doing wrong?
Thanks in advance.

ZySurge · February 3, 2017, 8:31pm

Ok, I did some more diagnosis on my own, and using the notes and comments from here:
https://commaster.net/content/how-setup-lets-encrypt-apache-windows
I edited the registry to put the renewal date in the past. Then ran the command again. The output this time:

So, the renewal is failing, but it’s actually updating the renewal date as if it succeeded. Anyone else using letsencrypt-win-simple that knows of a way to get more detail on why it’s failing?

ahaw021 · February 4, 2017, 7:51am

hi ZySurge

are you using version 1.8 of the product apparently there is a known issue with version 1.95 (read the link above)

there is a posssibility that the certificate has been renewed however it hasn’t been installed in your apache server

go check the certificate folder and see if you can see a new certificate and reboot apache and see if that solves your problem (i.e. the new certificate may be in the apache cert folder but apache caches certs and won’t load it till reboot)

ZySurge · February 6, 2017, 1:45pm

Thanks. I actually came to that same conclusion on Friday. I was using 1.9x, and the renewal was definitely failing. No new cert in the folder.

I then tried 1.8, but it doesn’t support SANs, which my original cert had. It ended up creating two different certs, which doesn’t work for me.

In the end, I just created a new cert, and set myself a calendar reminder to do so again in ~90 days. Not ideal, but it gets the job done.

Thanks again for the reply.

system · March 8, 2017, 1:56pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How can I test that certificate renewal works? Help	4	1242	September 13, 2017
Certbot's renewal error Issuance Tech	11	4118	January 5, 2017
Ssllabs says cert expired Jan 17th but Lets Encrypt says not due for renewal Help	13	2000	March 24, 2017
"renew" does not work with apache and multiple domains (and certonly also not)	2	2133	May 10, 2016
Cert renewed but apache still pulling old one, even after restart Help	6	746	September 11, 2019

Renewal not working

Related topics