Ssl auto renew using win-simple


#1

Hi there,

I installed Let’s Encrypt on one production site. I used win-acme (win-simple) client to create new SSL certificate.

To renew the certificate, I run ‘Renew specific’ command from PowerShell, and that executed successfully.

My questions are below:

  1. What does the meaning of ‘Next renewal scheduled at 2018/07/22 at 12:00 am’?
  2. How can I automate the renewal process using win-simple or other client for windows server? Do I meed to write any script for that?

Thank you very much in advance.


#2

That’s about 15 days before your certificate would expire if you got one today.

That’s a little strange as usually it is scheduled about 30 days before expiry. You might have changed RenewalDays in a configuration file or you might be using an old version of letsencrypt-win-simple (recently renamed to win-acme) that does things differently.

Letsencrypt-win-simple/win-acme usually creates a Windows scheduled task to automatically renew your certiticate for you. You can check the Task Scheduler in the Control Panel to confirm one exists.


#3

Hi Patches,

Thank you for your prompt response.

I am using win-acme v1.9.10.1 (https://github.com/PKISharp/win-acme/releases).

I have checked out Task Scheduler, Let’s Encrypt is set to trigger everyday. What does that mean?

Please see the screenshot attached.
image

Thank you :slight_smile:


#4

It runs daily and checks the registry to see if it has to renew a certificate. It only renews the certificate when the registry says it’s time to. You can run letsencrypt-win-simple --renew on the command line yourself to see it in action.


#5

Thank you Patches.

I run that --renew command. I got following result.

image

I think that’s not scheduled yet. But I scheduled that running ‘Renew Specific’ command.

was that the right way to do that?

Thank you again :slight_smile:


#6

Hi there,

Is the any command line arguments to set auto renew using command prompt or powershell?

thanks


#7

When you got your last certificate, it should have scheduled a date two months afterward to renew it, just as it did this time.

If you forgot about that and just renewed it a little bit early that’s no problem. Better safe than sorry! :grinning:

If your certificate was getting really close to expiring or expired on you and it seems like the automatic renewal thing didn’t work like it should this time then we should look into that.

You can only turn it OFF with --notaskscheduler. It’s on by default, and you showed me it was there in your task scheduler screenshot.

Everything else like the time the daily task runs and the days to wait to actually run the renewal are set in its configuration file, but @WouterTinus pointed out in another thread recently that changing these settings will only take effect the next time it is actually renewed.


#8

Hey Patches,

Thank you for your help so far :slight_smile:

I just run ‘List Scheduled renewals’ and I got the following result:

image

What do you reckon, was that right? Do I need to remove two renew schedules from them?

however, if the server hosting provider does not support Let’s Encrypt, what I need to do to install Let’s Encrypt?

Which client is better win-acme or ACMESharp? :slight_smile:

Cheers


#9

I think the misleading bit here is the phrase ‘not scheduled, due after …’

It’s meant to convey that renewal is not necessary right now because the current certificate has plenty of life left in it.

It will renew once you get past the due date.

From the certificate details you can see that you already renewed three times (using the renew specific command) and each time was successful.

Everything looks fine to me for your setup!


#10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.