When you initiate certificate issuing process you should have http://appveyor.domain.com (HTTP) in Application public URL of General tab of system settings, i.e. the app should be opened in the browser with the exact same HTTP URL. Then you choose Let's encrypt option and click "Update".
Issued certificate in PFX format is stored in %ProgramData%\AppVeyor\Server directory.
on 04 Mar, 2020 07:08 PM
It was running as the "appveyor" user which I assume was generated by the installer and is listed as "Administrator - Local User" in Windows 10 settings.
I changed the service to run as Local User, and this has solved the problem.
Is there a need for the service to run as a new "appveyor" account? 99% of the services listed on my computer run as either "Local User" or "Local Service" with a few as "Network Service". None have a custom-created user.
It's a good practice to run a service under separate user account, to reduce the scope of permissions the service has, to reduce the surface of attack. However, it's not mandatory. That's great changing service identity fixed the issue for you.