Windows renew after some admin stupidity


#1

Please fill out the fields below so we can help you better.

My domain is: remote.boatpark.cz

I ran this command: GUI certify or "C:\Program Files\letsencrypt-win-simple.V1.9.1\letsencrypt.exe" --renew --baseuri "https://acme-v01.api.letsencrypt.org/"

It produced this output: in certify failed to generate PFX, in lews Checking IIS remote.boatpark.cz (%SystemDrive%\inetpub\wwwroot) Renew After 2/24/2017

My operating system is (include version): win 2012r2

My web server is (include version): iis

My hosting provider, if applicable, is: myself

I can login to a root shell on my machine (yes or no, or I don’t know): yes

Hello, I have a stupid technical problem. After installing some new roles on my server (work folders), IIS stopped serving 80 and 443 (I use HTTP only to get the LE cert and verify for my hmail server, so I did not know it :). Somewhere in this time the task scheduler renewed my HTTP (and IMAP, POP3, SMTP) cert that expires today and saved it somewhere I cannot find (maybe the cert was removed during removal of the work folders role). So I have only the cert that expired today, but LE thinks that I have a valid cert and no need to renew.
I hope this is the reason why the Certify GUI is not working either.
So is there any way to get a new cert for my server before 2017/02/24? There is no force parameter in either of the tools I use. I may use the ACME PowerShell plugin too.
Sorry for this stupid topic, but help is really welcome.
Regards
Jiri Lundak


#2

Hi Jiri

A couple of articles on options here:

https://www.linkedin.com/pulse/lets-encrypt-part-1-issuing-installing-certificates-andrei-hawke

https://www.linkedin.com/pulse/lets-encrypt-part-2-3-repurposing-clients-making-things-andrei-hawke

One of the challenges at the moment is that to use the Windows clients there is a build process needed, as most of them are based on Visual Studio projects.


#3

Hello,

Here are a few points you could check:

  1. In the registry, HKEY_CURRENT_USER\Software\letsencrypt-win-simple\https://acme-v01.api.letsencrypt.org/ should contain "Renewals" and "ScheduledTaskName" entries.
  2. In the C:\Users\USER\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org directory, you should find files signer. registration. ca…der ca… pem and several files beginning with the name of your certificate.
  3. Check if the renew task in the task scheduler runs under the same credentials as the user who asked for the certificate and owns the C:\Users\USER\AppData\Roaming\letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org directory.

Problems with LetsEncryptWin are often caused by a user identity change, as you will note that the "current" user is used in points 1), 2) and 3).

Hope this helps.

Kind regards,

Guy
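
The three checks from the reply above, as a PowerShell sketch added here (not part of the original post and not code from letsencrypt-win-simple). It assumes it is run as the user who originally requested the certificate, and that the "ScheduledTaskName" value holds the task's name as a string.

```powershell
# Added diagnostic sketch; run it as the user who originally requested the certificate.
$baseUri = 'https://acme-v01.api.letsencrypt.org/'
$keyPath = "Software\letsencrypt-win-simple\$baseUri"
$cfgDir  = Join-Path $env:APPDATA 'letsencrypt-win-simple\httpsacme-v01.api.letsencrypt.org'
$me      = [Security.Principal.WindowsIdentity]::GetCurrent().Name

# 1. Registry: the key name contains '/', which the PowerShell registry provider
#    treats as a path separator, so open it through the .NET API instead.
$key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey($keyPath)
$taskName = $null
if ($null -eq $key) {
    Write-Warning "HKCU\$keyPath not found for $me"
} else {
    foreach ($name in 'Renewals', 'ScheduledTaskName') {
        if ($key.GetValueNames() -contains $name) { "OK   registry value '$name' present" }
        else { Write-Warning "registry value '$name' missing" }
    }
    # Assumption: the value is a plain string holding the task name.
    $taskName = $key.GetValue('ScheduledTaskName')
    $key.Close()
}

# 2. Per-user configuration directory, its owner and its files.
if (Test-Path -LiteralPath $cfgDir) {
    "OK   $cfgDir exists, owner: $((Get-Acl -LiteralPath $cfgDir).Owner)"
    (Get-ChildItem -LiteralPath $cfgDir).Name
} else {
    Write-Warning "$cfgDir not found for $me"
}

# 3. Account the renewal task runs as, compared with the current user.
if ($taskName) {
    $task = Get-ScheduledTask -TaskName $taskName -ErrorAction SilentlyContinue
    if ($null -eq $task) {
        Write-Warning "scheduled task '$taskName' not found"
    } else {
        $runAs = $task.Principal.UserId
        # UserId may or may not carry a domain prefix; compare the account name only.
        if (($runAs -split '\\')[-1] -ieq ($me -split '\\')[-1]) { "OK   task runs as $runAs" }
        else { Write-Warning "task runs as '$runAs' but current user is '$me'" }
    }
}
```

A warning on check 1 or 2 while the files exist under another profile means the renewal state belongs to a different account than the one running the script.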

