fszlin / certes

A client implementation for the Automated Certificate Management Environment (ACME) protocol
MIT License

Error Fail to load resource from 'https://acme-v02.api.letsencrypt.org/acme/new-acct'. urn:ietf:params:acme:error:serverInternal: failed check for existing account - at Certes.Acme.IAcmeHttpClientExtensions #295

Closed mmsw-git closed 1 year ago

mmsw-git commented 2 years ago

Hello, I use a .NET-based program to renew our certificates (IIS on Windows Server 2019, Certes 3.0.3). It worked well for many months. For the last 2 months, running it from the scheduler has ended in an error:

Exception line: myAccount = Await myAcme.NewAccount(My.Settings.acmeEmail, True)

Error: Fail to load resource from 'https://acme-v02.api.letsencrypt.org/acme/new-acct'. urn:ietf:params:acme:error:serverInternal: failed check for existing account - at Certes.Acme.IAcmeHttpClientExtensions.

If it is run by the Task Scheduler timer, it returns an error. If I run it manually with the Run button in Task Scheduler, it works well. I cannot find any difference. Same user, same rights (highest privilege).

Thank you for your help
Miroslav

cmbellman commented 1 year ago

I think I have a similar issue, on either NewAccount or after using an existing acmeAccountKey on this line: var account = await acme.Account();

I get this stacktrace:

Object reference not set to an instance of an object.
   at Certes.Acme.AccountContext.<>c.<NewAccount>b__4_0(Directory d)
   at Certes.IAcmeContextExtensions.<GetResourceUri>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Certes.Acme.AccountContext.<NewAccount>d__4.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Certes.AcmeContext.<Account>d__17.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()

@mmsw-git Did you find a solution for this? My solution also worked fine for several years, but soon my SSL certs will expire... :/

webprofusion-chrisc commented 1 year ago

Check that your machine is able to use TLS 1.2 when making HTTPS requests, as Let's Encrypt recently retired support for previous TLS versions. Some old versions of Windows (Server 2012 for example) don't enable this by default; you can use IIS Crypto in Best Practices mode to auto-configure Windows. https://www.nartac.com/Products/IISCrypto/
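
A read-only PowerShell check for the TLS 1.2 advice above, added here as an example and not part of the original thread or of Certes: it reports the SCHANNEL and .NET Framework registry values that control TLS 1.2 for outbound connections. It assumes the renewal program runs on .NET Framework 4.x; the function names are illustrative.

```powershell
# Added example: read-only report of the registry settings that decide whether
# outbound (client) connections from this machine can use TLS 1.2.

function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Get-Tls12ClientReport {
    # 1. SCHANNEL: the OS-wide switch for TLS 1.2 in the client role.
    $schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
    $enabled = Get-RegDword $schannel 'Enabled'
    $offByDefault = Get-RegDword $schannel 'DisabledByDefault'
    if ($enabled -eq 0 -or $offByDefault -eq 1) {
        $state = 'disabled'
    } elseif ($null -eq $enabled -and $null -eq $offByDefault) {
        $state = 'not set (the Windows version default applies)'
    } else {
        $state = 'enabled'
    }
    New-Object PSObject -Property @{ Setting = 'SCHANNEL TLS 1.2 client'; Value = $state }

    # 2. .NET Framework 4.x (assumption: the renewal program runs on it).
    #    A value of 1 lets apps built for older framework versions negotiate TLS 1.2.
    $netKeys = @(
        'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
    )
    foreach ($key in $netKeys) {
        foreach ($name in 'SchUseStrongCrypto', 'SystemDefaultTlsVersions') {
            $v = Get-RegDword $key $name
            if ($null -eq $v) { $v = 'not set' }
            New-Object PSObject -Property @{ Setting = "$key\$name"; Value = $v }
        }
    }

    # 3. Protocols the current PowerShell/.NET process would offer by default.
    New-Object PSObject -Property @{
        Setting = 'ServicePointManager.SecurityProtocol'
        Value   = [Net.ServicePointManager]::SecurityProtocol
    }
}

Get-Tls12ClientReport | Format-Table Setting, Value -AutoSize -Wrap
```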

mmsw-git commented 1 year ago

My problem was related to a wrong login in the Windows Service.
Miroslav

cmbellman commented 1 year ago

@webprofusion-chrisc Thank you, that was it! Enabled TLS 1.2 on the machine running my software and then it started to work again! It's an old win7 installation.