One of our development servers had one of its domains not connect over https, most probably due to a bad certificate. At first, I wondered if it was due to the update being scheduled at night when the server was shut down. But no, the default time is 9 am, and the task runs between 9 and 10 am. The log is located at %programdata%\win-acme\$baseuri$\Log according to https://www.win-acme.com/manual/advanced-use/custom-logging and checking there, found errors like
Warning - Existing https binding "oursite.com":443"" not updated because it doesn't seem to match the new certificate!
Information - Committing 1 "https" binding changes to IIS
Information - Updating existing https binding "oursite.com":443"" (flags: 1)
Running the command-line wacs.exe and choosing to force update the certificate worked fine.
This seems to be a bug in win-acme,
https://github.com/win-acme/win-acme/issues/2076#issuecomment-1060274192
so I've now upgraded to the latest version 2.1.23 hoping the next renewal 3 months later would be fine.
Edit - the next renewal also failed. So, shifted to cloudflare origin certificate instead, https://hnsws.blogspot.com/2023/03/setting-up-cloudflare-origin.html
No comments:
Post a Comment