We have a automated task that runs every few weeks to make sure that certificates are up to date if they are not we use ACME-PS (PowerShell Gallery | ACME-PS 1.5.2) to update them
Recently the certificates have only been renewing for 7 days
I have tried running the script from other windows VM's and am getting the same issue the response that is coming back is only for 7 days
<# -- Script -- #>
$acmeServiceName = "LetsEncrypt-Staging";
#Your email addresses, where acme services will send informations.
$contactMailAddresses = @($email);
# This directory is used to store your account key and service directory urls as well as orders and related data
$acmeStateDir = "C:\Temp\AcmeState";
# Create the state object - will be saved to disk
New-ACMEState -Path $acmeStateDir;
# Load URLs from service directory
Get-ACMEServiceDirectory -State $acmeStateDir -ServiceName $acmeServiceName;
# Retrieve the first anti-replay nonce
New-ACMENonce -State $acmeStateDir;
# Create an account key and store it to the state
New-ACMEAccountKey -State $acmeStateDir;
# Register account key with acme service
New-ACMEAccount -State $acmeStateDir -EmailAddresses $contactMailAddresses -AcceptTOS;
# This dns names will be used as identifier
$dnsIdentifiers = New-ACMEIdentifier $domain;
# Create a new order
$order = New-ACMEOrder -State $acmeStateDir -Identifiers $dnsIdentifiers;
For the same domain name i have tried setting up a Linux server with nginx and issues a certificate for that (not using the ACME-PS) and it issues it for the full 90 days
I don't quite understand. What do you mean 'is only for 7 days'? The validity of the certificate?
Also, please fill out the questionnaire which should have been presented to you when you opened this thread in the #help section:
Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
It produced this output:
My web server is (include version):
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
And when you request that same cert tomorrow it will expire in 6 days.
You are not even showing the good from date - only the expiration [which seems to be unchanging].
So, renewing the cert is not the problem.
You need to check on why the service is not using the renewed cert.
Without seeing the actual output of the script without any human interpretation, we just have to take your word for it
My advice for any next time is to provide AS MUCH details as possible preferably copy/paste from outputs, including any log file with also as much details as possible instead of as little as in this thread which also seem to be tainted by human interpretation.