Win-acme with Azure DNS verification not re-using cached certificates?

I ran this command:
wacs.exe --target manual --host [myhost] --certificatestore My ^
--installation iis,script --installationsiteid 1 --script "Scripts\ImportSSTP.ps1" --scriptparameters "{CertThumbprint}" ^
--verbose --validation azure ^
--azuretenantid [tenantId] ^
--azureclientid [clientId] ^
--azuresecret [secret] ^
--azuresubscriptionid [subId] ^
--azureresourcegroupname [resource-group-name]

The command runs fine and generates a certificate as needed. However, I noticed that a re-run of the command will generate a new certificate, rather than re-use the existing one. Does it mean Azure / DNS verification doesn't re-use cached certificates?

The version of my client (win-acme / wacs): 2.1.18.1119

Hi @mbender and welcome to the forum!

I don't use Windows and am not familiar with wacs.exe... However, I would expect that if one were to run the same exact command that one would get the same exact result.

I see you are using a script for the process. I am also NOT familiar with the script or its usage.
But a quick scan of the win-acme documentation does offer information relating to your desired result.

--renew
     Renew any certificates that are due. This argument is used
     by the scheduled task. Note that it's not possible to
     change certificate properties and renew at the same time.
--force
     Force renewal when used together with --renew. Otherwise
     bypasses the certificate cache on new certificate
     requests.

Another volunteer here may be able to give you more support...
"That's all I got!"
Hope it helps a little?

I believe win-acme does have some certificate caching so if you consider that there's a bug you should report it on their GitHub issues.

Meanwhile, if your objective is to be able to repeatedly run a script from an existing certificate also check out https://certifytheweb.com (software I developed) and its Deployment Tasks feature. Tasks are repeatable from the Tasks tab.
