Certbot running on Windows Server 2019 fails to auto-renew the cert. The log file displays errors. I would like assistance figuring out what I need to do to fix the issue so my cert will renew. I will add the entire log file text also. Any help would be greatly appreciated.
My domain is:
aws-cmca.us
My web server is (include version):
IIS 10.0.17763.1
The operating system my web server runs on is (include version):
Server 2019 version 1809 OS Build 17763.1397
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
I am using Certbot 1.5.0
Log file output:
2020-09-11 09:40:19,277:DEBUG:certbot._internal.main:certbot version: 1.5.0
2020-09-11 09:40:19,277:DEBUG:certbot._internal.main:Arguments:
2020-09-11 09:40:19,277:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2020-09-11 09:40:19,387:DEBUG:certbot._internal.log:Root logging level set at 20
2020-09-11 09:40:19,387:INFO:certbot._internal.log:Saving debug log to C:\Certbot\log\letsencrypt.log
2020-09-11 09:40:19,418:DEBUG:certbot._internal.plugins.selection:Requested authenticator <certbot._internal.cli.cli_utils._Default object at 0x040BB4F0> and installer <certbot._internal.cli.cli_utils._Default object at 0x040BB4F0>
2020-09-11 09:40:19,465:DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): ocsp.int-x3.letsencrypt.org:80
2020-09-11 09:40:19,621:DEBUG:urllib3.connectionpool:http://ocsp.int-x3.letsencrypt.org:80 “POST / HTTP/1.1” 200 527
2020-09-11 09:40:19,621:DEBUG:certbot.ocsp:OCSP response for certificate C:\Certbot\archive\aws-cmca.us\cert1.pem is signed by the certificate’s issuer.
2020-09-11 09:40:19,621:DEBUG:certbot.ocsp:OCSP certificate status for C:\Certbot\archive\aws-cmca.us\cert1.pem is: OCSPCertStatus.GOOD
2020-09-11 09:40:19,637:DEBUG:certbot._internal.storage:Should renew, less than 30 days before certificate expiry 2020-09-23 14:53:58 UTC.
2020-09-11 09:40:19,637:INFO:certbot._internal.renewal:Cert is due for renewal, auto-renewing…
2020-09-11 09:40:19,637:DEBUG:certbot._internal.plugins.selection:Requested authenticator standalone and installer None
2020-09-11 09:40:19,637:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot._internal.plugins.standalone:Authenticator
Initialized: <certbot._internal.plugins.standalone.Authenticator object at 0x040BB1D0>
Prep: True
2020-09-11 09:40:19,637:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.standalone.Authenticator object at 0x040BB1D0> and installer None
2020-09-11 09:40:19,637:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator standalone, Installer None
2020-09-11 09:40:19,684:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri=‘https://acme-v02.api.letsencrypt.org/acme/acct/89659272’, new_authzr_uri=None, terms_of_service=None), a07dae1bfaebfb2076a487245be3610c, Meta(creation_dt=datetime.datetime(2020, 6, 24, 16, 29, 50, tzinfo=), creation_host=‘aws-cmca-sacs.aws-cmca.us’))>
2020-09-11 09:40:19,684:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2020-09-11 09:40:19,684:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2020-09-11 09:40:19,996:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “GET /directory HTTP/1.1” 200 658
2020-09-11 09:40:19,996:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 11 Sep 2020 14:40:20 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
“823oL3WGWAE”: “Adding random entries to the directory”,
“keyChange”: “https://acme-v02.api.letsencrypt.org/acme/key-change”,
“meta”: {
“caaIdentities”: [
“letsencrypt.org”
],
“termsOfService”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”,
“website”: “https://letsencrypt.org”
},
“newAccount”: “https://acme-v02.api.letsencrypt.org/acme/new-acct”,
“newNonce”: “https://acme-v02.api.letsencrypt.org/acme/new-nonce”,
“newOrder”: “https://acme-v02.api.letsencrypt.org/acme/new-order”,
“revokeCert”: “https://acme-v02.api.letsencrypt.org/acme/revoke-cert”
}
2020-09-11 09:40:19,996:INFO:certbot._internal.main:Renewing an existing certificate
2020-09-11 09:40:20,402:DEBUG:certbot.crypto_util:Generating key (2048 bits): C:\Certbot\keys\0040_key-certbot.pem
2020-09-11 09:40:20,449:DEBUG:certbot.crypto_util:Creating CSR: C:\Certbot\csr\0040_csr-certbot.pem
2020-09-11 09:40:20,465:DEBUG:acme.client:Requesting fresh nonce
2020-09-11 09:40:20,465:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2020-09-11 09:40:20,527:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “HEAD /acme/new-nonce HTTP/1.1” 200 0
2020-09-11 09:40:20,527:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 11 Sep 2020 14:40:20 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0002qUkvocskGImkQAg-qMYTVFE0rpIEr-2OrEdu0cJSkY0
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
2020-09-11 09:40:20,527:DEBUG:acme.client:Storing nonce: 0002qUkvocskGImkQAg-qMYTVFE0rpIEr-2OrEdu0cJSkY0
2020-09-11 09:40:20,543:DEBUG:acme.client:JWS payload:
b’{\n “identifiers”: [\n {\n “type”: “dns”,\n “value”: “aws-cmca.us”\n }\n ]\n}’
2020-09-11 09:40:20,543:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
“protected”: “eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvODk2NTkyNzIiLCAibm9uY2UiOiAiMDAwMnFVa3ZvY3NrR0lta1FBZy1xTVlUVkZFMHJwSUVyLTJPckVkdTBjSlNrWTAiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9”,
“signature”: “A3VJO2VM2GFjF7HdS50wr6uKnn1BiLTtaTLNLZaC0h3VFWq6-WoX5f9slgYSFCtWx7PrWz1NMbvSYeBQXSpiOGdI6JPzZVsC20og0PxfsFaSxc3euCDbbYQe97AFyCypQDK0vjuaUdQaWxS4J9ydcApEk1qRYBfMf495A9WcDQUHLlHp2dxyH-NybpMOBBRGRNPeqoesdMC7vnsPUHO2U59_YA5KEU7C8DTBJCmvx2l-0JXvzKeKZXIAkrq0Z8crM2RA-9THW14iHfTm34An_C2EWCQQZIAW_nIUbIrBBBTu3uZZJCOdNxC-J6Nt2tT8XdHTqZkMLa6fZutt5qym8A”,
“payload”: “ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImF3cy1jbWNhLnVzIgogICAgfQogIF0KfQ”
}
2020-09-11 09:40:21,496:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/new-order HTTP/1.1” 201 341
2020-09-11 09:40:21,496:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Fri, 11 Sep 2020 14:40:21 GMT
Content-Type: application/json
Content-Length: 341
Connection: keep-alive
Boulder-Requester: 89659272
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Location: https://acme-v02.api.letsencrypt.org/acme/order/89659272/5134287968
Replay-Nonce: 0001WYPU-LKBlzHASn3HtUM1irwsanZK0rmhuLKpVYE2FLI
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
“status”: “pending”,
“expires”: “2020-09-18T14:40:21.054397905Z”,
“identifiers”: [
{
“type”: “dns”,
“value”: “aws-cmca.us”
}
],
“authorizations”: [
“https://acme-v02.api.letsencrypt.org/acme/authz-v3/7145839792”
],
“finalize”: “https://acme-v02.api.letsencrypt.org/acme/finalize/89659272/5134287968”
}
2020-09-11 09:40:21,496:DEBUG:acme.client:Storing nonce: 0001WYPU-LKBlzHASn3HtUM1irwsanZK0rmhuLKpVYE2FLI
2020-09-11 09:40:21,496:DEBUG:acme.client:JWS payload:
b’’
2020-09-11 09:40:21,496:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/7145839792:
{
“protected”: “eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvODk2NTkyNzIiLCAibm9uY2UiOiAiMDAwMVdZUFUtTEtCbHpIQVNuM0h0VU0xaXJ3c2FuWkswcm1odUxLcFZZRTJGTEkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzcxNDU4Mzk3OTIifQ”,
“signature”: “QrStQSIughnccLRrNgMd5y8EIXqbDTmdeyHq76xKoPkrKxFJJ476MKQ667G3XTfPaZNNEmttM81HThoFsRSEv3UYsSCzVvgmUcr0AoizvY9vuzKw6u7wlQri6XBw_aUKrFnV7fCOvp6zK2W4VeQw_k-yqIHJzCU8GvDO4VPPq3i5AVQrzFWd6IS4DJyVV5RBC-uUBhk451byNY4SJOGan0j-_Fu8jhe3D8kQhC4aMLbbfC4TZ2ep8JA0Kt5VlH_JsTUmeMmqCweg0DIa8Zq4z-NnAqT7iP5vqOoxBQ-4NgNwbjZjQOnR9BUz5Ao57j35_tcQC-BAZPWiQ6qqI9Nvpw”,
“payload”: “”
}
2020-09-11 09:40:21,605:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/authz-v3/7145839792 HTTP/1.1” 200 789
2020-09-11 09:40:21,605:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Fri, 11 Sep 2020 14:40:21 GMT
Content-Type: application/json
Content-Length: 789
Connection: keep-alive
Boulder-Requester: 89659272
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0002Rfp7gGdGsxO3B3NbokX9P2GEygukiq_4EZlp2pzfmPY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800
{
“identifier”: {
“type”: “dns”,
“value”: “aws-cmca.us”
},
“status”: “pending”,
“expires”: “2020-09-18T14:40:21Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/7145839792/OaYvHg”,
“token”: “of6H8diXXvDbNffa5KdffUWuwm-ef2wVA_GJNK51u3Q”
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/7145839792/gR5vRQ”,
“token”: “of6H8diXXvDbNffa5KdffUWuwm-ef2wVA_GJNK51u3Q”
},
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/7145839792/MLgLfQ”,
“token”: “of6H8diXXvDbNffa5KdffUWuwm-ef2wVA_GJNK51u3Q”
}
]
}
2020-09-11 09:40:21,605:DEBUG:acme.client:Storing nonce: 0002Rfp7gGdGsxO3B3NbokX9P2GEygukiq_4EZlp2pzfmPY
2020-09-11 09:40:21,605:INFO:certbot._internal.auth_handler:Performing the following challenges:
2020-09-11 09:40:21,605:INFO:certbot._internal.auth_handler:http-01 challenge for aws-cmca.us
2020-09-11 09:40:21,605:DEBUG:acme.standalone:Failed to bind to :80 using IPv6
2020-09-11 09:40:21,605:DEBUG:acme.standalone:Failed to bind to :80 using IPv4
2020-09-11 09:40:21,637:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File “C:\Program Files (x86)\Certbot\pkgs\certbot_internal\plugins\standalone.py”, line 72, in run
address, self.http_01_resources)
File “C:\Program Files (x86)\Certbot\pkgs\acme\standalone.py”, line 190, in init
BaseDualNetworkedServers.init(self, HTTP01Server, *args, **kwargs)
File “C:\Program Files (x86)\Certbot\pkgs\acme\standalone.py”, line 105, in init
raise socket.error(“Could not bind to IPv4 or IPv6.”)
OSError: Could not bind to IPv4 or IPv6.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File “C:\Program Files (x86)\Certbot\pkgs\certbot_internal\auth_handler.py”, line 70, in handle_authorizations
resps = self.auth.perform(achalls)
File “C:\Program Files (x86)\Certbot\pkgs\certbot_internal\plugins\standalone.py”, line 156, in perform
return [self._try_perform_single(achall) for achall in achalls]
File “C:\Program Files (x86)\Certbot\pkgs\certbot_internal\plugins\standalone.py”, line 156, in
return [self._try_perform_single(achall) for achall in achalls]
File “C:\Program Files (x86)\Certbot\pkgs\certbot_internal\plugins\standalone.py”, line 163, in _try_perform_single
_handle_perform_error(error)
File “C:\Program Files (x86)\Certbot\pkgs\certbot_internal\plugins\standalone.py”, line 210, in _handle_perform_error
raise error
File “C:\Program Files (x86)\Certbot\pkgs\certbot_internal\plugins\standalone.py”, line 161, in _try_perform_single
return self._perform_single(achall)
File “C:\Program Files (x86)\Certbot\pkgs\certbot_internal\plugins\standalone.py”, line 166, in _perform_single
servers, response = self._perform_http_01(achall)
File “C:\Program Files (x86)\Certbot\pkgs\certbot_internal\plugins\standalone.py”, line 173, in _perform_http_01
servers = self.servers.run(port, challenges.HTTP01, listenaddr=addr)
File “C:\Program Files (x86)\Certbot\pkgs\certbot_internal\plugins\standalone.py”, line 74, in run
raise errors.StandaloneBindError(error, port)
certbot.errors.StandaloneBindError: Problem binding to port 80: Could not bind to IPv4 or IPv6.
2020-09-11 09:40:21,637:DEBUG:certbot._internal.error_handler:Calling registered functions
2020-09-11 09:40:21,637:INFO:certbot._internal.auth_handler:Cleaning up challenges
2020-09-11 09:40:21,637:WARNING:certbot._internal.renewal:Attempting to renew cert (aws-cmca.us) from C:\Certbot\renewal\aws-cmca.us.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6… Skipping.
2020-09-11 09:40:21,652:DEBUG:certbot._internal.renewal:Traceback was:
Traceback (most recent call last):
File “C:\Program Files (x86)\Certbot\pkgs\certbot_internal\plugins\standalone.py”, line 72, in run
address, self.http_01_resources)
File “C:\Program Files (x86)\Certbot\pkgs\acme\standalone.py”, line 190, in init
BaseDualNetworkedServers.init(self, HTTP01Server, *args, **kwargs)
File “C:\Program Files (x86)\Certbot\pkgs\acme\standalone.py”, line 105, in init
raise socket.error(“Could not bind to IPv4 or IPv6.”)
OSError: Could not bind to IPv4 or IPv6.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File “C:\Program Files (x86)\Certbot\pkgs\certbot_internal\renewal.py”, line 448, in handle_renewal_request
main.renew_cert(lineage_config, plugins, renewal_candidate)
File “C:\Program Files (x86)\Certbot\pkgs\certbot_internal\main.py”, line 1176, in renew_cert
renewed_lineage = _get_and_save_cert(le_client, config, lineage=lineage)
File “C:\Program Files (x86)\Certbot\pkgs\certbot_internal\main.py”, line 116, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File “C:\Program Files (x86)\Certbot\pkgs\certbot_internal\renewal.py”, line 306, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File “C:\Program Files (x86)\Certbot\pkgs\certbot_internal\client.py”, line 343, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File “C:\Program Files (x86)\Certbot\pkgs\certbot_internal\client.py”, line 390, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File “C:\Program Files (x86)\Certbot\pkgs\certbot_internal\auth_handler.py”, line 70, in handle_authorizations
resps = self.auth.perform(achalls)
File “C:\Program Files (x86)\Certbot\pkgs\certbot_internal\plugins\standalone.py”, line 156, in perform
return [self._try_perform_single(achall) for achall in achalls]
File “C:\Program Files (x86)\Certbot\pkgs\certbot_internal\plugins\standalone.py”, line 156, in
return [self._try_perform_single(achall) for achall in achalls]
File “C:\Program Files (x86)\Certbot\pkgs\certbot_internal\plugins\standalone.py”, line 163, in _try_perform_single
_handle_perform_error(error)
File “C:\Program Files (x86)\Certbot\pkgs\certbot_internal\plugins\standalone.py”, line 210, in _handle_perform_error
raise error
File “C:\Program Files (x86)\Certbot\pkgs\certbot_internal\plugins\standalone.py”, line 161, in _try_perform_single
return self._perform_single(achall)
File “C:\Program Files (x86)\Certbot\pkgs\certbot_internal\plugins\standalone.py”, line 166, in _perform_single
servers, response = self._perform_http_01(achall)
File “C:\Program Files (x86)\Certbot\pkgs\certbot_internal\plugins\standalone.py”, line 173, in _perform_http_01
servers = self.servers.run(port, challenges.HTTP01, listenaddr=addr)
File “C:\Program Files (x86)\Certbot\pkgs\certbot_internal\plugins\standalone.py”, line 74, in run
raise errors.StandaloneBindError(error, port)
certbot.errors.StandaloneBindError: Problem binding to port 80: Could not bind to IPv4 or IPv6.
2020-09-11 09:40:21,652:ERROR:certbot._internal.renewal:All renewal attempts failed. The following certs could not be renewed:
2020-09-11 09:40:21,652:ERROR:certbot._internal.renewal: C:\Certbot\live\aws-cmca.us\fullchain.pem (failure)
2020-09-11 09:40:21,652:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File “D:\obj\windows-release\37win32_Release\msi_python\zip_win32\runpy.py”, line 193, in _run_module_as_main
File “D:\obj\windows-release\37win32_Release\msi_python\zip_win32\runpy.py”, line 85, in run_code
File "C:\Program Files (x86)\Certbot\bin\certbot.exe_main.py", line 33, in
sys.exit(main())
File “C:\Program Files (x86)\Certbot\pkgs\certbot\main.py”, line 15, in main
return internal_main.main(cli_args)
File “C:\Program Files (x86)\Certbot\pkgs\certbot_internal\main.py”, line 1347, in main
return config.func(config, plugins)
File “C:\Program Files (x86)\Certbot\pkgs\certbot_internal\main.py”, line 1255, in renew
renewal.handle_renewal_request(config)
File “C:\Program Files (x86)\Certbot\pkgs\certbot_internal\renewal.py”, line 473, in handle_renewal_request
len(renew_failures), len(parse_failures)))
certbot.errors.Error: 1 renew failure(s), 0 parse failure(s)
2020-09-11 09:40:21,668:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)
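As an added example (not part of the original post and not Certbot's own code): a small Python triage that reads a log in this format and reports each failed renewal with the authenticator in use, the port that could not be bound and the whole days left before expiry. The function and field names are assumptions, and the sample lines are constructed from the log above with straight quotes.

```python
import re
from datetime import datetime

# Constructed sample: lines excerpted from the log in the post above.
SAMPLE_LOG = r"""2020-09-11 09:40:19,637:DEBUG:certbot._internal.storage:Should renew, less than 30 days before certificate expiry 2020-09-23 14:53:58 UTC.
2020-09-11 09:40:19,637:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator standalone, Installer None
2020-09-11 09:40:21,605:DEBUG:acme.standalone:Failed to bind to :80 using IPv6
2020-09-11 09:40:21,605:DEBUG:acme.standalone:Failed to bind to :80 using IPv4
2020-09-11 09:40:21,637:WARNING:certbot._internal.renewal:Attempting to renew cert (aws-cmca.us) from C:\Certbot\renewal\aws-cmca.us.conf produced an unexpected error: Problem binding to port 80: Could not bind to IPv4 or IPv6. Skipping.
Traceback (most recent call last):
certbot.errors.StandaloneBindError: Problem binding to port 80: Could not bind to IPv4 or IPv6.
2020-09-11 09:40:21,668:ERROR:certbot._internal.log:1 renew failure(s), 0 parse failure(s)
"""

FMT = "%Y-%m-%d %H:%M:%S"
# Record header: "<date> <time>,<ms>:<LEVEL>:<logger>:<message>"
RECORD = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d{3}:([A-Z]+):([\w.]+):(.*)$")
EXPIRY = re.compile(r"certificate expiry (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) UTC")
PLUGIN = re.compile(r"Plugins selected: Authenticator (\S+),")
FAILED = re.compile(r"Attempting to renew cert \((.+?)\) from (.+?) produced an unexpected error: (.*)")
BIND = re.compile(r"Problem binding to port (\d+)")


def triage(log_text):
    """Return one finding per failed renewal recorded in a certbot debug log."""
    findings, expiry, authenticator = [], None, None
    for line in log_text.splitlines():
        rec = RECORD.match(line)
        if rec is None:
            continue  # traceback frames, HTTP headers and JSON bodies
        stamp, level, _logger, msg = rec.groups()
        if EXPIRY.search(msg):
            expiry = datetime.strptime(EXPIRY.search(msg).group(1), FMT)
        elif PLUGIN.search(msg):
            authenticator = PLUGIN.search(msg).group(1)
        elif level == "WARNING" and FAILED.search(msg):
            cert, conf, error = FAILED.search(msg).groups()
            bind = BIND.search(error)
            seen = datetime.strptime(stamp, FMT)
            findings.append({
                "cert": cert,
                "renewal_conf": conf,
                "authenticator": authenticator,
                "bind_failed_port": int(bind.group(1)) if bind else None,
                # Log stamps are local time and expiry is UTC: whole days only.
                "days_left": (expiry.date() - seen.date()).days if expiry else None,
                "error": error,
            })
            expiry = authenticator = None  # state belongs to one lineage
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
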