Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: sandbox.surplussales.com
I ran this command: Auto added to Task Scheduler by wacs: wacs.exe --renew --baseuri “https://acme-v02.api.letsencrypt.org/”
It produced this output: So the task always says, it completed successfully. I ran it manually and the wacs window keeps dissapearing, so I finally managed to get a print screen. The first [EROR] is “Error preparing for challenge answer” but then it says “should not be needed in --renew mode” Second [EROR] “Renewal for LetsEncrypt-SandBox-PPIPN failed, will retry on next run”
My web server is (include version): IIS 8.0
The operating system my web server runs on is (include version): Win2012
My hosting provider, if applicable, is: N/A
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
The version of my client is (e.g. output of
certbot --version or
certbot-auto --version if you’re using Certbot): wacs = 220.127.116.116 (ACMEv2)
Unable to figure out why the automation renewal keeps failing, I finally ran wacs manually with no command line arguments. I went through the “renew ALL” process and it requested I make additions and deletions for TXT records in my DNS. After doing this manually, I did successfully renew my cert.
What I am wondering, am I locked into doing this manually and creating/deleting records on two DNS servers each time? Was there a bug in 18.104.22.1686 which prevented --renew from requiring DNS verification each time? (I hate changing versions - I understand the purpose, but it seems like I always have to start over from scratch each time – I know ACME is fairly new too, so maybe it gets better.)