RRAS SSTP certificate binding fails after WACS renewal

My domain is: remote.lewisseatingsystems.nl

I have a MS Windows Server 2016 Standard
I've used the WACS to setup a task in Windows Task Scheduler.

The "Routing and Remote Access" service shows a green arrow up symbol.
But after opening the properties of the server and switching to the security tab, a warning dialog appears with the text:
"The certificate used for Secure Socket Tunneling Protocol (SSTP) is missing. You should configure a new certificate for SSTP or use default configuration"

This message is also shown when on the commandline the following is executed:
netsh ras show sstp-ssl-cert

I've also noticed on:

That there are two entries on every day the certificate is renewed.

I'm using WACS version (release, pluggable, standalone, 64-bit)

I've found the script "ImportSSTP.ps1" from here:

But I can't get it to work...
In the Windows Task Manager the task arguments are:
--renew --baseuri "https://acme-v02.api.letsencrypt.org/" --script "D:\SSLcertificaat\LetsEncrypt\win-acme scripts\ImportSSTP.ps1" --scriptparameters "{CertThumbprint}"

One of those is a Precertificate and the other the Leaf. That is normal.

As for your Windows configuration questions, I have no idea :slight_smile:


Hi @JoHu, and welcome to the LE community forum :slight_smile:

I have two questions:

  • Has RRAS worked with an LE cert before?
    If not, then what guide are you following?

  • Have you tried using a cert from another free CA?
    If not, I would try that.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.