Renewal stuck on connecting to

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:,,,

I ran this command:C:\win-acme.v2.1.22.1267.x64.trimmed\wacs.exe --renew --baseuri ""

So when the auto renewal scheduled task runs, the above output is all I see, it never progresses beyond trying to connect. I checked on Let's Debug, and the site passed an http-01 test. It worked flawlessly when initially setting up the certificate. This is the first time it's tried to renew.

It produced this output: A simple Windows ACMEv2 client (WACS)
Software version (release, trimmed, standalone, 64-bit)
Connecting to

My web server is (include version):IIS 10.0.17763.1

The operating system my web server runs on is (include version): Windows Server 2019 Standard

My hosting provider, if applicable, is:Server instance running on Amazon Web Services

I can login to a root shell on my machine (yes or no, or I don't know):Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Hi @funkmotor, and welcome to the LE community forum :slight_smile:

I'd check the system for:

  • dns
  • outbound HTTPS connections

I can ping with no problem, so DNS seems to be working. I have an outbound rule in the AWS firewall to allow HTTPS (port 443), and I have turned off Windows Defender firewall entirely. When I run the renew command from a command prompt, it just sits on "Connecting to ""..." until I close the window.

I'm not familiar with WACS, so I won't be much help there.
Is that their latest version?
Do they have an active support channel?
Are you willing to try some other Windows ACME client?


OK, first off I want to say thank you, rg305, for your incredibly prompt response, and your attempt to help.

I have figured out the issue and the renewal just ran with no errors. The short version of the fix is: I'm dumb. The long version of the fix is: I rebooted the server and ran the update command. I mean, I did the number one, most basic thing one should do, but I did it last instead of first. Sometimes I wonder how I've kept my job for so long....

Anyway, thanks again for your help. I really appreciate it.


I would be more worried if you did that (reboot and fixed it) and still kept trying even more stuff - LOL
The thing that works it always last :slight_smile:


Slightly off-topic but I actually found out the other day that the win-acme brand+repo is officially owned by ZeroSSL via Stack Holdings Gmbh (they just don't contribute any code to it, that's done by an enthusiastic volunteer), so if you do need win-acme support you should be able to ask ZeroSSL support, especially if a paying customer.

You can get (volunteer) support here: Discussions · win-acme/win-acme · GitHub

Regarding your original problem windows firewall can be a bit sticky and sometimes changing the rules (e.g. allowing outbound https) doesn't really take effect until you reboot.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.