SSL cert won't renew on Apache Server

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
I ran this command:

It produced this output:
certbot certonly --webroot
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I don't know
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

I think I found where it is failing in the logs. I am following the Apache/Windows instructions on from LetsEncrypt.

Please show the outputs of:
apachectl -t -D DUMP_VHOSTS
certbot --version

Show the renewal config file.


Can you explain why IIS Server is running? Because I see this:

curl -I

HTTP/1.1 500 Internal Server Error
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Date: Tue, 09 Aug 2022 02:00:51 GMT

I can't say really...I'm a novice and was confused about that myself. I thought the SSL cert expiring made my server crash which is why I was seeing that. Are the 500 error and cert expiration two different problems?

I'd say yes.
The error 500 is happening over HTTP [without involving any certificate].

The "other" (third) problem you fail to recognize is that IIS is answering NOT nginx Apache.
So, you might not even be on the right system/IP
NAT is misconfigured
something else can explain that difference.


Correction: NOT Apache


Is this saying port 80 is closed? Are there any circumstances it would close?

That is saying port 80 is in use by something else. In your case it looks like IIS because that is what responds to HTTP requests right now.

Your first step is to have a site working with HTTP. Once you have that working you can try to get a cert.

If you decide to stay with IIS rather than Apache, I recommend using the acme client Certify The Web. It is one of the recommended clients for Windows. It is popular and an easy to use gui.


Thank you for the advice! My goal is use Apache. That is what the server was running with before it crashed. Do you know how/why IIS would've taken over?

1 Like

No. You need to review your Windows config.


@MikeMcQ Thanks! I stopped IIS and the 500 error is gone ^.^

1 Like

Progress. Good.

The 404 error usually means the certbot webroot folder does not match your apache DocumentRoot.

Can you show this file?


EDIT: I just realized you previously got a cert with certbot. What happens with this command?

certbot renew --dry-run

Odd. I still want to see this file and also the \certbot\renewal\ubismartbackend.conf file


Oh this is different than the webroot I was using. I'll try this now.

Hm. Same error.

Let's make a test file in the DocumentRoot like this

echo Data123 >"c:\users\administrator\desktop\app\ubismartbackend\Test123"

We should be able to see that using

I am intentionally ignoring the acme challenge folder names for now.