What did I do wrong using LE64.exe?

Windows Server 2019
LE64.exe v0.38
(was using older client v0.34 when the following happened, new version worked fine)

"Could not load the resource directory: SSL connection failed for acme-v02.api.letsencrypt.org: SSL connect attempt failed error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed"

Running a batch file with the following command. The recent cert problem caused an error but the executable did not return an errorlevel code, thus my batch file did not send me the bad email. Your automated emailer sent another message about our cert expiring in one day, so I took a look "just in case". SO GLAD I did that!

le64.exe --key account.key --csr mydomain.csr --csr-key mydomain.key --crt mydomain.crt --domains "something.gov,www.something.gov,cms.something.gov" --path "\inetpub\something.gov.well-known\acme-challenge,\inetpub\something.gov.well-known\acme-challenge,\inetpub\cms.something.gov\cms.well-known\acme-challenge" --renew 16 --unlink --issue-code 100 --live
if errorlevel 255 goto err
if errorlevel 100 call send-good-email-to-webmaster.bat
goto xit
call send-bad-email-to-webmaster.bat

It appears that the LE64.exe process failed to issue a return code for this error thus my batch file failed to get an errorlevel code thus it failed to send the bad email. So either there is a bug in the program or there is an error in my logic. Note that this batch file has been running for years now with no problems.

The errorlevel tests work by seeing if the return value is greater-than-or-equal-to the given value. So in this case, the LE64.exe process needs to return an error code of 255 (or higher) on any error. It used to work, but perhaps the author changed this in his code?

OR maybe the executable crashed and then it makes sense that there was no return code...??

@mushu It sounds like you have isolated a specific problem in LE64. Well done.

But, correcting LE64 needs to be done by the authors. I believe this is their github.

It sounds like after updating to 0.38 the certs are now working. If that is not the case please show the errors for that.


It worked fine once I updated the executable and relaunched the task. I got my "yay cert updated successfully!" email like usual.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.