Windows renew after some admin stupidity

lundakj · January 15, 2017, 6:41pm

Please fill out the fields below so we can help you better.

I ran this command: GUI certify or “C:\Program Files\letsencrypt-win-simple.V1.9.1\letsencrypt.exe” --renew --baseuri “https://acme-v01.api.letsencrypt.org/”

It produced this output: in certify failed to generate PFX, in lews Checking IIS remote.boatpark.cz (%SystemDrive%\inetpub\wwwroot) Renew After 2/24/2017

My operating system is (include version): win 2012r2

My web server is (include version): iis

My hosting provider, if applicable, is: myself

I can login to a root shell on my machine (yes or no, or I don’t know): yes

Hello, i have stupid technical problem. After instal some new roles on my server (work folders) iis stop servicing 80 and 443 (i use http only to get le cert and verify for my hmail server, so i not know it :). In somewhere in this time task scheduler renew my todays expiring http (and imap, pop3,smtp) cert and save them somewhere I can not find (maybe cert was removed during remove work folders role). So I have only today expired cert, but le thinks that I have valid cert no need to renew.
I hope this is reason, why gui Certify is not working too.
So exist any way to get new cert for my server before 2017/02/24? No force parameter on both tools i use. I may use ACME powershell plugin too.
Sorry for this stupid topic, but help is really welcome.
Regards
Jiri Lundak

ahaw021 · January 28, 2017, 8:53am

Hi Jiri

A couple of articles on options here:

https://www.linkedin.com/pulse/lets-encrypt-part-1-issuing-installing-certificates-andrei-hawke

https://www.linkedin.com/pulse/lets-encrypt-part-2-3-repurposing-clients-making-things-andrei-hawke

One of the challenges at the moment is to use the windows clients there is a build process needed as most of the are based on Visual Studio Projects.

guyvaio · February 19, 2017, 9:46am

Hello,

Here are a few points you could check:

In the registry, HKEY_CURRENT_USER\Software\letsencrypt-win-simple\https://acme-v01.api.letsencrypt.org/, should contains “Renewals” and "ScheduledTaskName"entries
In the C:\Users\USER\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org directory, you should find files signer. registration. ca…der ca… pem and serveral files begining with the name of your certificate
check if the renew task in the task scheduler runs under the same credentials as the user who asked the certificate and owns the C:\Users\USER\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org directory, dir.

Problems with LetsEncryptWin are often caused by user indentity change, as you will note that the “current” user is used in point1), 2) and 3).

Hope this helps.

Kind regards,

Guy

system · March 21, 2017, 9:46am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Cert not renewing but no errors? Help	4	4424	February 11, 2017
Autorenew IIS stopped working Help	2	436	July 1, 2021
How to renew a certificate? Help	5	1902	April 29, 2021
Renewals after a site has moved to new IIS website Help	6	918	June 21, 2018
Renew expired certificate on windows server2019 Help	3	4136	May 23, 2022

Windows renew after some admin stupidity

Related topics