Unable to renew certificate manually

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: inventoryexpress.xyz

I ran this command:

It produced this output:

My web server is (include version): Apache/ 2.4.38 (Win64) OpenSSL/1.1.1b PHP/7.3.3

The operating system my web server runs on is (include version): WIndows Server 2019

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): win-acme 2.0.6.284 (RELEASE)

I successfully created the certificate with LetsEncrypt for the first time 01 May 2019. I used Win-ACME v2 client with Apache 2.4. The renewal task was created in the Task Scheduler. I have been checking to see if renewal was happening but Expiry Date remained at 30 Jul 2019. Yesterday (10 Jul 2019), I received an email titled Let’s Encrypt certificate expiration notice for domain “inventoryexpress.xyz”. I did some reading and I have tried to manually renew the certificate using:
I ran: wacs.exe interactive “List scheduled renewals”
Reply: [WARN] No options available
I ran: wacs.exe interactive “Renew scheduled”
Reply: [WARN] No scheduled renewals found.
I ran: wacs.exe interactive “Renew specific”
Reply: [WARN] No options available
I ran: wacs.exe interactive "Renew all
Reply: [WARN] No scheduled renewals found.
I have also run the command directly according to the “Renew Manually” instructions:
wacs.exe --renew --baseuri “https://acme-v02.api.letsencrypt.org/”
Reply: Reply: [WARN] No scheduled renewals found.

So I have 19 days to figure this out! Are there other ways to renew manually? Thank you in advance for your assistance.

Hi @dave02150

I don’t know how that client works.

But if renew doesn’t work, use the command you have used to create a new certificate.

There is a check of your domain - https://check-your-website.server-daten.de/?q=inventoryexpress.xyz

Your certificate

Issuer not before not after Domain names LE-Duplicate next LE
Let’s Encrypt Authority X3 2019-05-01 2019-07-30 inventoryexpress.xyz - 1 entries

has only one domain name, so your defined www version is insecure.

So create one certificate with both domain names - non-www and www.

Thank you, sir!
I have taken your advice and created a new certificate (with both names).
I am still working through the aftermath.
I hope that recreating the certificate does not cause any additional errors.
I will be back if I cannot figure things out.
Thank you
David

2 Likes