WinAcme 2.1.4.710 renews but expiry doesn't change

Help
1

After “succeeding” to renew my certificate about 4 times, i notice the same expiration date on the certificate info of my website. This was after clearing the browser cache on multiple devices. Not very versed in this at all but I am beginning to panic due to certificates no longer being issued from older clients; which poses a problem because the only way I managed to get my certificate reinstated after revoking and creating one all over again (same problem last time I attempted to renew) was to issue from the oldest version of win-acme that ever existed; and import the renewal into ever newer versions until current. Therefore, it feels like I’ll literally be locked out of getting a certificate through letsencrypt until I can afford a separate linux server (including maxed out outlets in my house :sweat_smile: ) just to use certbot instead of winacme … help?

My domain is: https://www.xarus.no-ip.org

I ran this command:

It produced this output:

My web server is (include version): WAMPServer 3.1.7

The operating system my web server runs on is (include version): Windows 8.1 version 6.3 (Build 9600)

My hosting provider, if applicable, is: no-ip.org

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): win-acme.v2.1.4.710.x64.pluggable

1 Like
2

A simple question, have you tried to restart your webserver and figure out which certificate (the absolute path) your webserver is using?
The two possible reasons I think might be

  1. Your webserver isn’t restarted to use the new certificate (if you are using the same file as your certificate client changed)
  2. Your webserver is using a copy of the certificate, instead of using the auto-updated version.
4 Likes
3

The cert in use expires in 18 days.
But you have definitely renewed that cert today:

You need to do as @stevenzhu recommends and check where the renewed certs are stored and compare to where your webserver uses certs.
Or just restart the web service / server.

3 Likes
4

Gonna check when I can! Definitely didn’t consider the path might’ve changed. Nervous to figure that one out but thank you for pointing me in a direction!

1 Like
5

I think i narrowed down where my webserver is looking for the certs and is indeed pulling from the v01 api.

a snipit of my httpd-vhosts config:


  SSLEngine on
  SSLCertificateFile "C:\ProgramData\win-acme\httpsacme-v01.api.letsencrypt.org/xarus.no-ip.org-crt.pem"
  SSLCertificateKeyFile "C:\ProgramData\win-acme\httpsacme-v01.api.letsencrypt.org/xarus.no-ip.org-key.pem"
  # SSLCertificateChainFile "C:\ProgramData\win-acme\httpsacme-v01.api.letsencrypt.org/ca-xarus.no-ip.org-crt.pem"
  <Directory "C:\wamp64\www\mysite">

pretty confident i located the path to where the v02 renewals are taking place but all i found was an obscure string of filename for the .pem files. I tried changing the vhosts config path to read from those but doing so caused my webserver to be unable to start :(. my guess is because those are diffrently formated .pem(s) not intended for that purpose (and perhaps the filename being obscured has something to do with that).

Therefore I feel at a loss considering i read that letsencrypt will no longer issue certs from wacs v01 and prior :confused: I’m just plain scared, frustrated, and confused honestly.

1 Like
6

Sounds like you need a newer Windows ACME client.

Have a look at:
Posh-ACME: https://github.com/rmbolger/Posh-ACME/releases
Certbot for Windows: https://certbot.eff.org/lets-encrypt/windows-other
Certify The Web: https://certifytheweb.com/

Or if you are really adventurous…
You could try running Linux programs on Windows:

3 Likes
7

Functioning on fumes at work right now but I’ll look into the other clients. And… gulp if that doesn’t work I’ll see if I can learn to run Linux’s certbot on Windows… didn’t know that was a thing but I imagine it’ll be quite the learning curve :sweat_smile: . Whelp, I have until the 20th to make it work.

8

The simplest should be Certbot for Windows

1 Like
9

THAT DID IT!! pointed the httpd-conf to the certificate certbot installed at the default path (after reading the readme and fixing a missing quotation mark :sweat_smile: ) AND IT JUST WORKED!! Thoroughly going to use certbot for windows from now on! Thank all of you so very much! would mark all of these as solution if I could. Was very helpful! :heartbeat:

Edit: sorry for not noticing certbot for windows in the previous post, was functioning on zero sleep that day :confounded:

1 Like
10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.