What did I do wrong using LE64.exe?

Windows Server 2019
LE64.exe v0.38
(was using older client v0.34 when the following happened, new version worked fine)

"Could not load the resource directory: SSL connection failed for acme-v02.api.letsencrypt.org: SSL connect attempt failed error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed"

Running a batch file with the following command. The recent cert problem caused an error but the executable did not return an errorlevel code, thus my batch file did not send me the bad email. Your automated emailer sent another message about our cert expiring in one day, so I took a look "just in case". SO GLAD I did that!

le64.exe --key account.key --csr mydomain.csr --csr-key mydomain.key --crt mydomain.crt --domains "something.gov,www.something.gov,cms.something.gov" --path "\inetpub\something.gov.well-known\acme-challenge,\inetpub\something.gov.well-known\acme-challenge,\inetpub\cms.something.gov\cms.well-known\acme-challenge" --renew 16 --unlink --issue-code 100 --live
if errorlevel 255 goto err
if errorlevel 100 call send-good-email-to-webmaster.bat
goto xit
:err
call send-bad-email-to-webmaster.bat
:xit

It appears that the LE64.exe process failed to issue a return code for this error thus my batch file failed to get an errorlevel code thus it failed to send the bad email. So either there is a bug in the program or there is an error in my logic. Note that this batch file has been running for years now with no problems.

The errorlevel tests work by seeing if the return value is greater-than-or-equal-to the given value. So in this case, the LE64.exe process needs to return an error code of 255 (or higher) on any error. It used to work, but perhaps the author changed this in his code?

OR maybe the executable crashed and then it makes sense that there was no return code...??
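An added example, not part of the original post or of the LE64 project: the same batch job rewritten to fail closed, so only the exact exit codes 100 and 0 count as success and a stale certificate file raises the alert even when the exit code looks clean. The log file name, the 75-day threshold (which assumes 90-day certificates renewed with --renew 16) and the reading of exit code 0 as "nothing was due" are assumptions.

```bat
@echo off
setlocal
rem Added example. Assumed/constructed: renew.log, the 75-day threshold, and the
rem meaning "0 = nothing was due". File names and email scripts are from the post.
set "CRT=mydomain.crt"

le64.exe --key account.key --csr mydomain.csr --csr-key mydomain.key --crt "%CRT%" ^
  --domains "something.gov,www.something.gov,cms.something.gov" ^
  --path "\inetpub\something.gov.well-known\acme-challenge,\inetpub\something.gov.well-known\acme-challenge,\inetpub\cms.something.gov\cms.well-known\acme-challenge" ^
  --renew 16 --unlink --issue-code 100 --live
set "RC=%ERRORLEVEL%"

rem Keep a record of every run. The redirection comes first so that a
rem one-digit exit code is not parsed as a file handle number.
>>renew.log echo %DATE% %TIME% le64.exe exit code %RC%

rem Match the code exactly. "if errorlevel N" means "greater than or equal to N",
rem so codes 1-99 and negative codes (a crashed process) pass both original tests.
if "%RC%"=="100" goto issued
if "%RC%"=="0" goto check_age
goto failed

:check_age
rem Independent check that does not trust the client: a missing certificate
rem file, or one not rewritten for 75 days, means renewal is overdue.
if not exist "%CRT%" goto failed
forfiles /m "%CRT%" /d -75 >nul 2>&1
rem forfiles returns 0 when it finds a file at least that old, 1 when it finds none.
if not errorlevel 1 goto failed
goto done

:issued
call send-good-email-to-webmaster.bat
goto done

:failed
call send-bad-email-to-webmaster.bat

:done
endlocal
```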

@mushu It sounds like you have isolated a specific problem in LE64. Well done.

But correcting LE64 needs to be done by the authors. I believe this is their GitHub.

It sounds like after updating to 0.38 the certs are now working. If that is not the case please show the errors for that.


It worked fine once I updated the executable and relaunched the task. I got my "yay cert updated successfully!" email like usual.
