Site not allowing https connection after manually renewing cert via win-acme

Although I successfully renewed the cert via win-acme, I can no longer access my domain via https w/o receiving the 'Your connection isn't private' error message.
How may I verify my cert status, outside of win-acme?

My domain is: winvm.link:2443

I ran this command: win-acme renewal process

It produced this output: success

My web server is (include version): NGINX

The operating system my web server runs on is (include version): Windows 10

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): win-acme

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): win-acme 2.1.17.1065

Use a site like this one. It confirms the cert you send from your port 2443 server expired yesterday (and also has a faulty chain).


As I can see, it is installed properly.

??? I see an expired cert with a faulty chain but if you are happy so am I :)


As to not make myself seem any more dense... I do see that in the results. Thank you.

If win-acme supposedly executed the renewal successfully, what would be my next step, other than try win-acme again?

Installing the new certificate in your server should be the next step.


Okay, thank you.


Question regarding auto-renewal of certs. For the life of me, I cannot recall why I had to set up my cert w/ manual renewal. If I moved to Ubuntu would I then be able to run a cron job and have the cert auto-renewed?

You can have autorenewal on Windows as well. But it's a two phase process:

  1. passing the challenge and renewing the certificate;
  2. automatically installing it and telling the server to use the new certificate.

Ok. When I was setting up win-acme, I could not set up auto-renewal. I've re-read the instructions for, but I cannot find the criteria in order to use auto-renewal. May the issue be w/ my domain handler, NameCheap? My domain is not 'hosted' anywhere, I simply have it pointing to my VPN service static IP.

Depending on the error you get, it might very well be them. But I don't know.


I re-created the cert... still receiving error. I have submitted a Support Request to NameCheap.

Any other suggestions?

Have you restarted nginx after getting a fresh cert?

Can you show the results of this:

nginx -T
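
One way to check this outside win-acme, as an added example that is not part of the original thread: compare the leaf certificate the server presents with the PEM file on disk, which shows whether nginx is still serving the pre-renewal certificate and whether the file lacks intermediates. The function names, finding labels and command-line usage are assumptions made for this sketch, and the PEM path is whichever file your `ssl_certificate` directive names.

```python
import base64, re, socket, ssl, sys

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_certs(pem_text):
    """Every certificate in a PEM bundle as DER bytes, in file order."""
    return [base64.b64decode("".join(body.split()))
            for body in PEM_BLOCK.findall(pem_text)]

def fetch_served_leaf(host, port, timeout=10):
    """DER of the leaf the server presents. Verification is off on purpose:
    this only inspects the cert, and an expired one must still be readable."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def diagnose(served_der, disk_pem):
    """Compare the live leaf with the file nginx's ssl_certificate names."""
    certs = pem_certs(disk_pem)
    if not certs:
        return ["no-certificate-in-file"]
    findings = []
    if certs[0] != served_der:
        findings.append("stale-server")    # renewed on disk, nginx not reloaded
    if len(certs) < 2:
        findings.append("leaf-only-file")  # no intermediates: clients may see an incomplete chain
    return findings or ["in-sync"]

def demo():
    """Offline run on constructed placeholder bytes (not real certificates)."""
    old, new, inter = b"constructed-old-leaf", b"constructed-new-leaf", b"constructed-intermediate"
    bundle = ssl.DER_cert_to_PEM_cert(new) + ssl.DER_cert_to_PEM_cert(inter)
    return diagnose(old, bundle), diagnose(new, bundle)

if __name__ == "__main__":
    if len(sys.argv) == 4:   # hypothetical usage: check.py HOST PORT PATH_TO_PEM
        with open(sys.argv[3]) as fh:
            print(diagnose(fetch_served_leaf(sys.argv[1], int(sys.argv[2])), fh.read()))
    else:
        print(demo())
```

A `stale-server` finding right after a successful renewal means the running nginx process has not picked up the new file yet.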

When you setup win-acme you perhaps used manual DNS validation (you mentioned namecheap and your current cert is a wildcard). If you use http validation you wouldn't need to use DNS validation (but you can't get a wildcard using http validation) but I'm guessing your ISP doesn't allow you to host stuff on normal ports.

Alternatively you could switch to another ACME client that provides a namecheap DNS provider (See also https://acmeclients.com). Note that you could probably just use certbot for this as the files it produces will work fine with nginx.


Wow, again, I had not thought to reboot... geez! It works again. Thank you!


Although I fixed the issue, I am intrigued about getting the renewal process to be automatic.

It just may be that I couldn't do the validation via dns with NameCheap. I'll try Certbot. If I can't get it to work, I'll start a new specific thread herein. Thank you.


If you determine that's their fault, or even if you just want to do it, you can switch DNS providers.

Proved working are Cloudflare, Route53, Hurricane Electric, DigitalOcean and many others. An interesting choice can be 1984.is.


Thanks. I will try certbot first to see if it can autorenew w/ NS.
