SSL certificate strange problem in Windows 10

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: forgottennot.online
If you're having trouble using Certbot and aren't sure you've found a bug or
request for a new feature, please first try asking for help at
https://community.letsencrypt.org/. There is a much larger community there of
people familiar with the project who will be able to more quickly answer your
questions.

My operating system is (include version):

Windows 10

I installed Certbot with (snap, OS package manager, pip, certbot-auto, etc):

I tried installing it with pip python/ and windows cmd

I ran this command and it produced this output:

Microsoft Windows [Version 10.0.19045.3324]
(c) Microsoft Corporation. All rights reserved.

C:\Windows\system32>certbot-auto -d forgottennot.online -d www.forgottennot.online
'certbot-auto' is not recognized as an internal or external command,
operable program or batch file.

C:\Windows\system32>certbot certonly --webroot
Saving debug log to C:\Certbot\log\letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): forgottennot.online, www.forgottennot.online
Certificate not yet due for renewal

You have an existing certificate that has exactly the same domains or certificate name you requested and isn't close to expiry.
(ref: C:\Certbot\renewal\forgottennot.online.conf)

What would you like to do?


1: Keep the existing certificate for now
2: Renew & replace the certificate (may be subject to CA rate limits)


Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Renewing an existing certificate for forgottennot.online and www.forgottennot.online

Successfully received certificate.
Certificate is saved at: C:\Certbot\live\forgottennot.online\fullchain.pem
Key is saved at: C:\Certbot\live\forgottennot.online\privkey.pem
This certificate expires on 2023-11-20.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.


If you like Certbot, please consider supporting our work by:


C:\Windows\system32>
Certificates are being installed successfully; there are no errors during the process.

Certbot's behavior differed from what I expected because:

Even though everything seems to have been installed properly, the website still appears as not secured.

Here is a Certbot log showing the issue (if available):

Logs are stored in /var/log/letsencrypt by default. Feel free to redact domains, e-mail and IP addresses as you see fit.

Here is the relevant nginx server block or Apache virtualhost for the domain I am configuring:

Here is the main thread: Website displays that it's not secured, in spite in installed certificates succesfully · Issue #9752 · certbot/certbot · GitHub

Edit: I know that it might be because some parts or points in my website are directing to http:, but this did not happen to me in Linux.

Your server appears to be Apache, not IIS, so knowing that will help you find the right configuration options.

Currently your server does not seem to be responding for https requests, but is ok for http. So you need to check windows firewall allows incoming https (TCP port 443) and that any cloud VM hosting control panel you use allows TCP port 443 as well.

If your firewall is open for that port you should also check your Apache configuration to ensure your site is set up for SSL and is listening on port 443.

I don't think Certbot's Apache configuration works the same way as it does on Linux etc. (I don't know for sure), so you may need to manually configure all those settings to point to your certificate etc.

2 Likes

On Windows, just running Certbot is not enough. It's NOT automatically installed as can be done using Linux (the --apache plugin doesn't work on Windows). You have to manually install the issued certificate into your webserver. This is mentioned clearly in the Certbot instruction generator at Certbot Instructions | Certbot.

Please note that forcibly re-issuing an already perfectly fine certificate again does not help at all if the problem is related to certificate installation. Frankly, re-issuing the certificate is almost never appropriate, but in this case, where the installation step is the problem, re-issuing a perfectly fine certificate is just plain wasteful.

Oh, by the way, did you read my post on GitHub entirely or just the first part about posting here? :) I'm curious.

3 Likes

My domain is provided by domain.com but I can't find it here:
Does My Hosting Provider Offer HTTPS? | Certbot

I spoke with them and they said that they don't support third-party SSL, but in Linux I had no problem. So is there a workaround to make this SSL cert work in Windows as it did in Linux?
Because it worked there.

The deciding factor is: How much access do you have to that Windows system?
If root/administrator level, then you can add whatever software you need to get the certs you want.
If less than root, then it may depend on the control panel in use / limitations imposed by the HSP.

3 Likes

I'm root/administrator, but don't know what else to do; at least my domain provider did not give me a solution via the web admin panel :S
Could you help me?

If you are root/admin, you can install an ACME client [written specifically for Windows] and use it to obtain certs for you.
See: ACME Client Implementations - Let's Encrypt (letsencrypt.org)

3 Likes

@rg305 OP already has a certificate issued as stated in the first post. Heck, OP reissued a perfectly fine cert for no good reason. The issue is OP doesn't know what to do with it.

1 Like

Ok, well yes, then comes Step #2:
With an ACME client [written specifically for Windows], they may be able to use it to install the cert into IIS.

2 Likes

  • Certify The Web (Windows): I downloaded this; it says that I'm certified and all, but it's the same thing, I still cannot access with https.

Have you reviewed this?

Because port 443 (https) is the problem - not the cert itself. Your port 443 is "filtered" which usually means blocked by a firewall but could be other faulty comms config

nmap -p25,80,443 www.forgottennot.online
PORT    STATE    SERVICE
25/tcp  filtered smtp
80/tcp  open     http
443/tcp filtered https

3 Likes

Yes, I have enabled ports 80 and 443 in my modem/firewall.

Edit: I get this with win-acme:

Create certificate failed, retry? (y/n*) - yes

Plugin Manual generated source forgottennot.online with 1 identifiers
Plugin Single created 1 order
Cached order has status invalid, discarding
[forgottennot.online] Authorizing...
[forgottennot.online] Authorizing using http-01 validation (SelfHosting)
Unable to activate listener, this may be because of insufficient rights or a non-Microsoft webserver using port 80
An error occured while commiting validation configuration: The process cannot access the file because it is being used by another process.
An error occured during post-validation cleanup: Cannot access a disposed object.
Object name: 'System.Net.HttpListener'.
[forgottennot.online] Deactivating pending authorization

Create certificate failed, retry? (y/n*)

Then why does the nmap show it filtered and why do https requests not get through?

curl -I -m10 http://www.forgottennot.online
HTTP/1.1 200 OK
Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.0.28
X-Powered-By: PHP/8.0.28
Set-Cookie: PHPSESSID=dd8i2hpbl8se6arp5tvqcurb4q; path=/
(other headers omitted)

curl -I -m10 https://www.forgottennot.online
curl: (28) Connection timed out after 10000 milliseconds

3 Likes

Not sure; with http it's working.

Try:
netstat -ant | more

and scroll through that output - looking for :443
Do you find any lines with :443?

2 Likes

I'm using XAMPP.
Proto Local Address Foreign Address State Offload State

TCP 0.0.0.0:80 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:902 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:912 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:3306 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:5040 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:7171 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:7172 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:7680 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:8000 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:31104 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:31105 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:49671 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:49672 0.0.0.0:0 LISTENING InHost
TCP 0.0.0.0:50052 0.0.0.0:0 LISTENING InHost
TCP 127.0.0.1:3306 127.0.0.1:53600 ESTABLISHED InHost
TCP 127.0.0.1:3306 127.0.0.1:53601 ESTABLISHED InHost
-- More --

So, it is listening on port 443.
There must be a routing/firewall issue.

2 Likes
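
The checks suggested in this thread (is something listening on 443, and is the Windows firewall letting it in), gathered as an added PowerShell example that is not part of any poster's reply. The rule name in the commented-out fix is a constructed placeholder.

```powershell
# Added example: run in an elevated PowerShell on the Windows host.
$port = 443

# 1. Is anything listening on the port, and which process owns the socket?
$listeners = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue
if (-not $listeners) {
    Write-Output "Nothing listens on TCP $port; fix the web server configuration first."
} else {
    $listeners | Select-Object -Property LocalAddress, OwningProcess -Unique | ForEach-Object {
        $name = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
        Write-Output ("Listening on {0}:{1} -> {2} (PID {3})" -f $_.LocalAddress, $port, $name, $_.OwningProcess)
    }
}

# 2. Which firewall profile is active? Rules only apply to matching profiles.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory

# 3. Enabled inbound allow rules whose port filter covers TCP $port.
#    Port ranges ("80-443") are not expanded here, and a match on "Any" is
#    usually a program-scoped rule, so check the rule's program as well.
$allow = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | Where-Object {
    $filter = $_ | Get-NetFirewallPortFilter
    ($filter.Protocol -in 'TCP', 'Any') -and
    (($filter.LocalPort -contains "$port") -or ($filter.LocalPort -contains 'Any'))
}
if ($allow) {
    $allow | Select-Object DisplayName, Profile
} else {
    Write-Output "No enabled inbound allow rule covers TCP $port."
    # Possible fix (the rule name is a constructed placeholder):
    # New-NetFirewallRule -DisplayName 'HTTPS inbound (example)' -Direction Inbound `
    #     -Protocol TCP -LocalPort 443 -Action Allow
}

# 4. Local TCP handshake against the loopback address. If this succeeds and
#    step 3 found a rule while outside scans still report "filtered", the
#    block is upstream: router port forwarding or the ISP.
(Test-NetConnection -ComputerName 127.0.0.1 -Port $port).TcpTestSucceeded
```

The external view still has to be taken from a machine outside the network, as the nmap and curl runs above were.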

Can somebody help me with AnyDesk or something? Pls.

How do I enable IIS? Source plugin IIS not available: No supported version of IIS detected

Having this with wacs.exe:

Plugin Manual generated source forgottennot.online with 1 identifiers
Plugin Single created 1 order
Cached order has status invalid, discarding
[forgottennot.online] Authorizing...
[forgottennot.online] Authorizing using http-01 validation (SelfHosting)
Unable to activate listener, this may be because of insufficient rights or a non-Microsoft webserver using port 80
An error occured while commiting validation configuration: The process cannot access the file because it is being used by another process.
An error occured during post-validation cleanup: Cannot access a disposed object.
Object name: 'System.Net.HttpListener'.
[forgottennot.online] Deactivating pending authorization

Create certificate failed, retry? (y/n*)