search

win-acme / win-acme

A simple ACME client for Windows (for use with Let's Encrypt et al.)
https://www.win-acme.com/
Apache License 2.0
5.26k stars 814 forks source link

Some renewals not ocurring although present in list #964

Closed gristxx closed 5 years ago

gristxx commented 5 years ago

Some renewals are not ocurring although they're present in the Renewals list. I have several hundreds of domains.

95% of my domains renew daily by chunks of ~100 and I'm not running into quota limitation (all different domain names)

E.g. : Some don't renew since 2018/11/7, like if they were omitted. I can renew manually :

5: dr-lespagnol-lise.chirurgiens-dentistes.fr - renew after 2018/11/7 10:33:50

Which renewal would you like to run?: 5 [INFO] Renewing certificate for dr-lespagnol-lise.chirurgiens-dentistes.fr [INFO] Authorize identifier: dr-lespagnol-lise.chirurgiens-dentistes.fr [INFO] Authorizing dr-lespagnol-lise.chirurgiens-dentistes.fr using http-01 validation (FileSystem) [INFO] Answer should now be browsable at http://dr-lespagnol-lise.chirurgiens-dentistes.fr/.well-known/acme-challenge/MQIOcq4-LnszAQ8r4AIcay5ZsL9bPFRDy15sXnvyZtQ [INFO] Authorization result: valid [INFO] Requesting certificate dr-lespagnol-lise.chirurgiens-dentistes.fr 2018/11/22 12:57:01 [INFO] Saving certificate to C:\ProgramData\win-acme\httpsacme-v01.api.letsencrypt.org [INFO] Copying certificate to the Central SSL store [INFO] Saving certificate to Central SSL location D:\CCS\dr-lespagnol-lise.chirurgiens-dentistes.fr.pfx [INFO] Removing certificate from the Central SSL store [INFO] Renewal for dr-lespagnol-lise.chirurgiens-dentistes.fr succeeded [INFO] Next renewal scheduled at 2019/1/16 11:58:47

Software version 1911.2.6726.40690 (RELEASE) Nothing in the logs as far as I've been looking in.

First scheduling gave this : PS D:\TOOLS\WinAcme1.9\bat\logs> cat .\dr-lespagnol-lise.chirurgiens-dentistes.fr.txt

D:\TOOLS\WinAcme1.9\bat>..\letsencrypt.exe --verbose --plugin manual --centralsslstore D:\CCS --webroot D:\inetpub\wwwroot\PW1 --manualhost dr-lespagnol-lise.chirurgiens-dentistes.fr [DBUG] Config folder: C:\ProgramData\win-acme\httpsacme-v01.api.letsencrypt.org [VERB] Settings SettingsService {ConfigPath="C:\ProgramData\win-acme\httpsacme-v01.api.letsencrypt.org", ClientNames=["win-acme", "letsencrypt-win-simple"], RenewalDays=55, HostsPerPage=200, ScheduledTaskRandomDelay=00:45: 00, ScheduledTaskStartBoundary=09:00:00, ScheduledTaskExecutionTimeLimit=05:00:00} [VERB] .NET Framework 4.6.2 detected

[INFO] A Simple ACME Client for Windows (WACS) [INFO] Software version 1911.2.6726.40690 (RELEASE) [INFO] IIS version 10.0 [INFO] ACME server https://acme-v01.api.letsencrypt.org/ [INFO] Please report issues at https://github.com/PKISharp/win-acme [VERB] Verbose mode logging enabled

[DBUG] Renewal period: 55 days [VERB] Store renewals in file C:\ProgramData\win-acme\httpsacme-v01.api.letsencrypt.org\Renewals [INFO] Running in Unattended mode [INFO] Plugin Manual generated target [Manual] [1 binding - dr-lespagnol-lise.chirurgiens-dentistes.fr] [DBUG] Loading signer from C:\ProgramData\win-acme\httpsacme-v01.api.letsencrypt.org\Signer [DBUG] Getting AcmeServerDirectory [DBUG] Send GET request to https://acme-v01.api.letsencrypt.org/directory [DBUG] Loading registration from C:\ProgramData\win-acme\httpsacme-v01.api.letsencrypt.org\Registration [INFO] Authorize identifier: dr-lespagnol-lise.chirurgiens-dentistes.fr [DBUG] Send POST request to https://acme-v01.api.letsencrypt.org/acme/new-authz [INFO] Authorizing dr-lespagnol-lise.chirurgiens-dentistes.fr using http-01 validation (FileSystem) [VERB] Writing file to D:\inetpub\wwwroot\PW1.well-known\acme-challenge\aK0NOZ3WnSfkgRGLsBLyPl8HQXfJHRra1Xq3EgqpUnY [INFO] Answer should now be browsable at http://dr-lespagnol-lise.chirurgiens-dentistes.fr/.well-known/acme-challenge/aK0NOZ3WnSfkgRGLsBLyPl8HQXfJHRra1Xq3EgqpUnY [DBUG] Submitting answer [DBUG] Send POST request to https://acme-v01.api.letsencrypt.org/acme/challenge/h3gFcIVmGTvTxvaO93E0sRtFtsTqh5a5Nuad9o5Qn9k/7315294120 [DBUG] Refreshing authorization [DBUG] Send GET request to https://acme-v01.api.letsencrypt.org/acme/authz/h3gFcIVmGTvTxvaO93E0sRtFtsTqh5a5Nuad9o5Qn9k [INFO] Authorization result: valid [DBUG] Deleting answer [VERB] Deleting file D:\inetpub\wwwroot\PW1.well-known\acme-challenge\aK0NOZ3WnSfkgRGLsBLyPl8HQXfJHRra1Xq3EgqpUnY [DBUG] Additional files or folders exist in D:\inetpub\wwwroot\PW1.well-known\acme-challenge, not deleting. [DBUG] Certificate folder: C:\ProgramData\win-acme\httpsacme-v01.api.letsencrypt.org [DBUG] Using Centralized SSL path: D:\CCS [DBUG] RSAKeyBits: 2048 [INFO] Requesting certificate dr-lespagnol-lise.chirurgiens-dentistes.fr 2018/9/13 12:32:55 [DBUG] Send POST request to https://acme-v01.api.letsencrypt.org/acme/new-cert [INFO] Saving certificate to C:\ProgramData\win-acme\httpsacme-v01.api.letsencrypt.org [VERB] Converting private key... [DBUG] Set private key exportable [INFO] Copying certificate to the Central SSL store [INFO] Saving certificate to Central SSL location D:\CCS\dr-lespagnol-lise.chirurgiens-dentistes.fr.pfx [INFO] Adding renewal for dr-lespagnol-lise.chirurgiens-dentistes.fr [INFO] Next renewal scheduled at 2018/11/7 10:33:50 PS D:\TOOLS\WinAcme1.9\bat\logs>

WouterTinus commented 5 years ago

Can you check the history for the renewal? You can access that through the menu by listing the renewals and then choosing the number for "show details". I'm curious if there are errors there.

gristxx commented 5 years ago

This one for instance, remained not renewed during ~15 days, and finally went renewed...

13/09/2018 |  -- | -- First time 22/11/2018 | 70 days 16/01/2019 | 55 days

Name: dr-marine-petitjean.chirurgiens-dentistes.fr Target plugin: Manually input host names Validation plugin: Save file on local (network) path Store plugin: CentralSsl Install plugin(s): Do not run any installation steps Renewal due: 2019/1/16 13:34:52 CentralSslStore: D:\CCS KeepExisting: False Warmup: False Renewed: 2 times

1: 2018/9/13 12:59:39 - Success - Thumbprint 2859DCE 2: 2018/11/22 14:33:26 - Success - Thumbprint 950F4F8

WouterTinus commented 5 years ago

So there has not even been a (recorded) attempt to renew. Can you confirm through the history of Task Scheduler and/or logs from Windows Event Viewer that the scheduled task has run between 2018/11/7 and 2018/11/22? Did it report any errors?

gristxx commented 5 years ago

Can't find anything relevant since then... keeping on investigating...

WouterTinus commented 5 years ago

Any updates on this issue?

gristxx commented 5 years ago

Hi, nope sorry, all seems to work normally, may be a reboot during operation or something like that, for all's working fine now... Thanks again for your follow-up. Greg.

Le dim. 27 janv. 2019 à 21:24, Wouter Tinus notifications@github.com a écrit :

Any updates on this issue?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/PKISharp/win-acme/issues/964#issuecomment-457951014, or mute the thread https://github.com/notifications/unsubscribe-auth/ACC1LRoAu3fvv_FyPMyDVBCwsQJ0L9fZks5vHgsUgaJpZM4YvMx0 .

WouterTinus commented 5 years ago

Good to hear! Please let us know if you run into any other problems.