Win-acme "Initial connection failed" from 29.6.2025 on

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: mail.logar-trade.si
win-acme version 2.2.9.1701
I ran this command:

wacs.exe --renew --baseuri "https://acme-v02.api.letsencrypt.org/"

Since 29.6.2025 I have had this error in the log (relevant part of log):

2025-05-29 12:52:49.680 +02:00 [DBG] secrets.json not found
2025-05-29 12:52:50.045 +02:00 [DBG] Renewal period: 55 days
2025-05-29 12:52:50.068 +02:00 [VRB] Sending e-mails false
2025-05-29 12:52:50.238 +02:00 [INF] Arguments: --renew --baseuri https://acme-v02.api.letsencrypt.org/
2025-05-29 12:52:50.253 +02:00 [VRB] ExePath: D:\WACME\wacs.exe
2025-05-29 12:52:50.254 +02:00 [VRB] ResourcePath: D:\WACME
2025-05-29 12:52:50.254 +02:00 [VRB] PluginPath: D:\WACME
2025-05-29 12:52:50.310 +02:00 [INF] Software version 2.2.9.1701 (release, trimmed, standalone, 64-bit) started
2025-05-29 12:52:50.315 +02:00 [INF] Connecting to "https://acme-v02.api.letsencrypt.org/"...
2025-05-29 12:52:50.367 +02:00 [DBG] [HTTP] Send GET to "https://acme-v02.api.letsencrypt.org/directory"
2025-05-29 12:52:51.650 +02:00 [DBG] Connection failed: An error occurred while sending the request.
2025-05-29 12:52:51.653 +02:00 [DBG] [HTTP] Send GET to "https://acme-v02.api.letsencrypt.org/"
2025-05-29 12:52:52.549 +02:00 [DBG] Connection failed: An error occurred while sending the request.
2025-05-29 12:52:52.549 +02:00 [DBG] Initial connection failed, retrying with TLS 1.2 forced
2025-05-29 12:52:52.549 +02:00 [DBG] [HTTP] Send GET to "https://acme-v02.api.letsencrypt.org/directory"
2025-05-29 12:52:53.502 +02:00 [DBG] Connection failed: An error occurred while sending the request.
2025-05-29 12:52:53.502 +02:00 [DBG] [HTTP] Send GET to "https://acme-v02.api.letsencrypt.org/"
2025-05-29 12:52:54.505 +02:00 [DBG] Connection failed: An error occurred while sending the request.
2025-05-29 12:52:54.508 +02:00 [WRN] Initial connection failed
2025-05-29 12:52:54.511 +02:00 [DBG] Running with administrator credentials

Note, it worked fine until 28.6.2025. It produced this output (relevant part of log):

2025-05-28 09:42:25.145 +02:00 [DBG] secrets.json not found
2025-05-28 09:42:25.479 +02:00 [DBG] Renewal period: 55 days
2025-05-28 09:42:25.499 +02:00 [VRB] Sending e-mails false
2025-05-28 09:42:25.634 +02:00 [INF] Arguments: --renew --baseuri https://acme-v02.api.letsencrypt.org/
2025-05-28 09:42:25.649 +02:00 [VRB] ExePath: D:\WACME\wacs.exe
2025-05-28 09:42:25.649 +02:00 [VRB] ResourcePath: D:\WACME
2025-05-28 09:42:25.649 +02:00 [VRB] PluginPath: D:\WACME
2025-05-28 09:42:25.700 +02:00 [INF] Software version 2.2.9.1701 (release, trimmed, standalone, 64-bit) started
2025-05-28 09:42:25.705 +02:00 [INF] Connecting to "https://acme-v02.api.letsencrypt.org/"...
2025-05-28 09:42:25.750 +02:00 [DBG] [HTTP] Send GET to "https://acme-v02.api.letsencrypt.org/directory"
2025-05-28 09:42:26.897 +02:00 [VRB] [HTTP] Request completed with status "OK"
2025-05-28 09:42:26.970 +02:00 [VRB] [HTTP] Response content: {
"NtGv1_ijv1s": "Adding random entries to the directory",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"profiles": {
"classic": "Profiles - Let's Encrypt",
"shortlived": "Profiles - Let's Encrypt (not yet generally available)",
"tlsserver": "Profiles - Let's Encrypt"
},
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.5-February-24-2025.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-03/renewalInfo",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
2025-05-28 09:42:27.016 +02:00 [INF] Connection OK!
2025-05-28 09:42:27.019 +02:00 [DBG] Running with administrator credentials

My web server is (include version): IIS/Exchange 2016

The operating system my web server runs on is (include version): W2012r2

Note, I've checked with curl and it looks fine there. There were no changes on the network/firewall part.

curl -vI --ca-native https://acme-v02.api.letsencrypt.org/
Note: Using embedded CA bundle, for proxies (231212 bytes)
* Host acme-v02.api.letsencrypt.org:443 was resolved.
* IPv6: (none)
* IPv4: 172.65.32.248
* Trying 172.65.32.248:443...
* Failed to set TCP_KEEPINTVL on fd 220: errno 10042
* Failed to set TCP_KEEPCNT on fd 220: errno 10042
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* successfully imported Windows ROOT store
* successfully imported Windows CA store
* CAfile: \primus\util\curl\bin\curl-ca-bundle.crt
* CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Unknown (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / [blank] / UNDEF
* ALPN: server accepted h2
* Server certificate:
* subject: CN=acme-v02.api.letsencrypt.org
* start date: May 27 18:49:40 2025 GMT
* expire date: Aug 25 18:49:39 2025 GMT
* subjectAltName: host "acme-v02.api.letsencrypt.org" matched cert's "acme-v02.api.letsencrypt.org"
* issuer: C=US; O=Let's Encrypt; CN=E6
* SSL certificate verify ok.
* Certificate level 0: Public key type ? (256/128 Bits/secBits), signed using ecdsa-with-SHA384
* Certificate level 1: Public key type ? (384/192 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 2: Public key type ? (4096/128 Bits/secBits), signed using sha256WithRSAEncryption

How to resolve this?

Please see the topic below, which explains a recent change causing that problem.

3 Likes
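
The curl run in the question negotiated TLSv1.3 with curl's own TLS library, whereas wacs.exe is a .NET program whose HTTPS requests go through the Windows TLS stack (SChannel), so a curl success does not show what win-acme sees on this host. The following is an added example, not part of the original thread or of win-acme: it performs the same handshake through .NET `SslStream` and reports either the negotiated parameters or SChannel's own error text. The function name `Test-SchannelHandshake` is hypothetical.

```powershell
# Added diagnostic example (not from the thread). Performs the TLS handshake through
# .NET SslStream, which on Windows is backed by SChannel, the OS TLS stack.
function Test-SchannelHandshake {
    param(
        [string]$HostName = 'acme-v02.api.letsencrypt.org',  # endpoint from the log above
        [int]$Port = 443,
        [System.Security.Authentication.SslProtocols]$Protocol = 'Tls12'
    )
    $result = [ordered]@{
        Host = $HostName; Requested = $Protocol; Success = $false
        Negotiated = $null; Cipher = $null; ServerCert = $null; Error = $null
    }
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        try {
            # Overload: (targetHost, clientCertificates, enabledProtocols, checkRevocation)
            $ssl.AuthenticateAsClient($HostName, $null, $Protocol, $false)
            $result.Success    = $true
            $result.Negotiated = $ssl.SslProtocol
            $result.Cipher     = '{0} / {1} / {2}' -f $ssl.CipherAlgorithm,
                                 $ssl.KeyExchangeAlgorithm, $ssl.HashAlgorithm
            $result.ServerCert = $ssl.RemoteCertificate.Subject
        }
        finally { $ssl.Dispose() }
    }
    catch {
        # PowerShell wraps .NET exceptions; the innermost one carries the
        # underlying socket or SChannel error message.
        $ex = $_.Exception
        while ($ex.InnerException) { $ex = $ex.InnerException }
        $result.Error = $ex.Message
    }
    finally { $tcp.Close() }
    [pscustomobject]$result
}

# Run on the affected server, in the same account context as the wacs.exe task.
Test-SchannelHandshake | Format-List
```

If this fails while curl succeeds, the problem lies in the operating system's TLS configuration or capabilities rather than in the network path or firewall.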