Renewal not working


#1

A few months ago I was able to fumble my way thru this and get a certificate issued. That certificate expires on 2/12/17. So, I was expecting it to be renewed by now, and I verified that the scheduled task to do so has been running.

So, I ran the task manually to watch the output. It seems to think the cert doesn’t expire until 3/15?

This is running Apache on Windows 2008 R2. Here’s the command I ran and the output from it.

I checked the folder that is listed in the output, and the certificate there expires 2/12.

What am I doing wrong?
Thanks in advance.


#2

Ok, I did some more diagnosis on my own, and using the notes and comments from here:
https://commaster.net/content/how-setup-lets-encrypt-apache-windows
I edited the registry to put the renewal date in the past. Then ran the command again. The output this time:

So, the renewal is failing, but it’s actually updating the renewal date as if it succeeded. Anyone else using letsencrypt-win-simple that knows of a way to get more detail on why it’s failing?


#3

hi ZySurge

are you using version 1.8 of the product apparently there is a known issue with version 1.95 (read the link above)

there is a posssibility that the certificate has been renewed however it hasn’t been installed in your apache server

go check the certificate folder and see if you can see a new certificate and reboot apache and see if that solves your problem (i.e. the new certificate may be in the apache cert folder but apache caches certs and won’t load it till reboot)


#4

Thanks. I actually came to that same conclusion on Friday. I was using 1.9x, and the renewal was definitely failing. No new cert in the folder.

I then tried 1.8, but it doesn’t support SANs, which my original cert had. It ended up creating two different certs, which doesn’t work for me.

In the end, I just created a new cert, and set myself a calendar reminder to do so again in ~90 days. Not ideal, but it gets the job done.

Thanks again for the reply.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.