Bobcares

How to renew LetsEncrypt in Windows?

Jan 9, 2019

LetsEncrypt SSL is one of the ways to secure websites on Windows servers.

But renewing the SSL certificate every 90 days can become tedious. And when the renewal is forgotten, it results in website failure too.

At Bobcares, we help customers to automate LetsEncrypt SSL renewal in Windows servers as part of our Support Services for web hosts.

Today, we’ll see how we renew Let’s Encrypt SSL in Windows and fix common problems that appear during SSL renewal.

 

 

How to automate LetsEncrypt SSL in Windows?

LetsEncrypt secures around 150 million websites. And, it is really popular because it comes free of cost. But, it will be effective in securing websites only with periodic renewals.

LetsEncrypt uses the ACME (Automatic Certificate Management Environment) protocol to verify the control of a given domain name. Nowadays, with automation tools, the task of renewal has become hassle-free.

One of the methods that our Support Engineers follow on Windows servers is to add a Scheduled Task for Let’s Encrypt renewal.

For example, we’ve seen that ACME clients like the LetsEncrypt Win Simple client, the AcmeSharp PowerShell module, etc. work on Windows. These tools provide the option to add a scheduled task in Windows that automatically renews SSL certificates expiring in the next 60 days.

 

Common failure points in LetsEncrypt renewal

Although there are methods to automatically renew LetsEncrypt SSL, we often see customers having problems with the renewal process.

Now, we’ll see the top reasons for the failure and how our Support Engineers fix them.

 

1. Renewing already expired SSL

At times, server owners forget to renew the SSL certificate on time. An attempt to renew the expired SSL via the command line will then show a later renewal date, but the site’s SSL will not work.

Recently, a customer reported this problem in Windows 10, with IIS 10 as the web server. Here, to fix the problem, our Support Engineers had to manually edit the registry (HKCU/Software/Let’s Encrypt) and set the correct dates.
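A check for this failure point that does not rely on the ACME client's own record of the renewal date: it reads the certificate that each IIS HTTPS binding actually references and flags expired or overdue ones. This is an added example, not code from the article or from any ACME client; it assumes IIS with the WebAdministration module, and `$GraceDays` is an assumed value.

```powershell
# Added example, not from the article. Assumes IIS with the WebAdministration
# module. $RenewWindowDays is the 60-day window mentioned above; $GraceDays is
# an assumed allowance for the scheduled task to have run a few times.
param(
    [int]$RenewWindowDays = 60,
    [int]$GraceDays = 7
)

Import-Module WebAdministration -ErrorAction Stop
$now = Get-Date

$report = foreach ($binding in Get-ChildItem IIS:\SslBindings) {
    # Look up the certificate this binding references, not what the client recorded.
    $cert = $null
    if ($binding.Thumbprint -and $binding.Store) {
        $certPath = "Cert:\LocalMachine\$($binding.Store)\$($binding.Thumbprint)"
        $cert = Get-Item -Path $certPath -ErrorAction SilentlyContinue
    }

    if (-not $cert) {
        # Binding points at a certificate that is no longer in the store.
        $status = 'MISSING'; $daysLeft = $null
    } else {
        $daysLeft = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)
        if ($daysLeft -lt 0) { $status = 'EXPIRED' }
        elseif ($daysLeft -lt ($RenewWindowDays - $GraceDays)) { $status = 'RENEWAL OVERDUE' }
        else { $status = 'OK' }
    }

    [pscustomobject]@{
        Binding  = '{0}:{1} {2}' -f $binding.IPAddress, $binding.Port, $binding.Host
        Subject  = if ($cert) { $cert.Subject } else { $null }
        Issuer   = if ($cert) { $cert.Issuer } else { $null }
        NotAfter = if ($cert) { $cert.NotAfter } else { $null }
        DaysLeft = $daysLeft
        Status   = $status
    }
}

$report | Format-Table -AutoSize
# Non-zero exit code lets a monitoring job or scheduled task alert on failure.
if ($report | Where-Object { $_.Status -ne 'OK' }) { exit 1 }
```

The same window is applied to every bound certificate, so certificates from other issuers are flagged too; the Issuer column shows which rows belong to Let's Encrypt.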

 

2. LetsEncrypt SSL Renewal failure in Plesk

Similarly, we’ve seen problems with LetsEncrypt SSL renewal in Plesk. Here, the backup of the domain failed with the following warning.

psacontentfile.FileAccessException: Can not open for reading file "C:/Program Files (x86)/Parallels/Plesk/var/modules\letsencrypt\etc\live\example.com\cert.pem". The filename, directory name, or volume label syntax is incorrect

In this case, to find the reason for the renewal failure, our Support Engineers check the logs, which can be found in the %plesk_dir%\admin\logs\php_error.log file.

On Windows systems, the certificate files of the domain are located in the directory “%plesk_dir%var\modules\letsencrypt\etc\archive\example.com\”. After analyzing the logs, we found that the renewal of SSL was failing due to a bug in the Let’s Encrypt version.

Here, to fix the problem, we manually renewed the SSL from the Plesk Panel. Additionally, we had to update the Let’s Encrypt version on the server to LetsEncrypt 2.4.0.

 

3. Policy forbids issuing for name

Again, LetsEncrypt SSL renewal can fail due to blacklisting of the domain name or hostname. An attempt to fetch the certificate will then result in the error:

Error: Could not issue a Let's Encrypt SSL/TLS certificate for exactblacklist.letsencrypt.org
Perhaps this domain is at risk group and is blacklisted on the Let's Encrypt side.
Invalid response from http://example.com/acme/newauthz.
Details:
Type: urn:acme:error:rejectedIdentifier
Status: 400
Detail: Error creating new authz :: Policy forbids issuing for name

This error happens in the case of domains like *.cloudapp.net or *.amazonaws.com. Here, our Support Engineers replace the domain name with a clean one. After this, the SSL renewal will work fine.

 

Conclusion

LetsEncrypt SSL renewal can often go wrong in Windows servers due to reasons like buggy renewal tools, blacklisting of domains, etc. Today, we’ve seen how our Support Engineers effectively set up LetsEncrypt SSL renewal and fix common problems with it.
