tag:help.appveyor.com,2012-11-13:/discussions/questions/48594-how-to-renew-lets-encrypt-cert-on-self-hosted-appveyorAppVeyor: Discussion 2021-06-13T21:03:58Ztag:help.appveyor.com,2012-11-13:Comment/483795342020-06-03T10:20:02Z2020-06-03T10:20:03ZHow to renew Lets Encrypt cert on self-hosted AppVeyor<div><p>So in the end I've just deleted the cert from %ProgramData%\AppVeyor\Server and then gone through the usual steps again and that has worked.</p>
<p>Can I request a feature for this to be automatically done by AppVeyor if that is possible?</p></div>Oliver Collyertag:help.appveyor.com,2012-11-13:Comment/483795342020-06-03T17:15:17Z2020-06-03T17:15:17ZHow to renew Lets Encrypt cert on self-hosted AppVeyor<div><p>In theory, it should be renewed automatically 30 days before expiration. There is a constant task running on a background every 1 hour checking the cert. Must be something went wrong. Are there any errors/warnings in AppVeyor Event Log?</p></div>Feodor Fitsnertag:help.appveyor.com,2012-11-13:Comment/483795342021-04-09T12:43:11Z2021-04-09T12:43:12ZHow to renew Lets Encrypt cert on self-hosted AppVeyor<div><p>So this has continued to happen every time it needs to renew, and today I finally got around to checking the log, which has the following entry:</p>
<p>Category: Appveyor.Services.SslManagementService<br>
EventId: 0</p>
<p>Cannot renew Let's Encrypt certificate: Fail to load resource from '<a href="https://acme-v02.api.letsencrypt.org/acme/new-order">https://acme-v02.api.letsencrypt.org/acme/new-order</a>'.<br>
urn:ietf:params:acme:error:badNonce: JWS has an invalid anti-replay nonce: "0003l5k9IZK-JykwwzeedaBjHq9o11vhjtDI7ZCS0iuo4o4"</p></div>Oliver Collyertag:help.appveyor.com,2012-11-13:Comment/483795342021-04-09T12:48:23Z2021-04-09T12:48:24ZHow to renew Lets Encrypt cert on self-hosted AppVeyor<div><p>Also, just to add, that I got an email from Lets Encrypt today saying it was time to renew (with 30 days left), and so far there are two entries for the above error in the log (but with a different anti-replace nonce each time).</p>
<p>The entires are spaced exactly an hour apart, so I'm guessing it will try this every hour now that it has started trying to renew.</p></div>Oliver Collyertag:help.appveyor.com,2012-11-13:Comment/483795342021-04-12T18:13:11Z2021-04-12T18:13:11ZHow to renew Lets Encrypt cert on self-hosted AppVeyor<div><p>Is it install on Windows, Linux or macOS?</p></div>Feodor Fitsnertag:help.appveyor.com,2012-11-13:Comment/483795342021-04-12T19:17:33Z2021-04-12T19:17:34ZHow to renew Lets Encrypt cert on self-hosted AppVeyor<div><p>Helo</p>
<p>It’s Windows - I think I figured it out though.</p>
<p>I didn’t realise that it was necessary to have port 80 open on my router and forwarded to my server, for the renewal to work. So once I did this, and then restarted the server, it renewed.</p>
<p>Ideally I wouldn’t have to leave port 80 open like that, perhaps it can be improved.</p>
<p>This thread has a discussion on this very topic</p>
<p><a href="https://community.letsencrypt.org/t/is-port-80-required-for-renewals/121432/3">https://community.letsencrypt.org/t/is-port-80-required-for-renewal...</a></p>
<p>Regards</p>
<p>Oliver</p></div>Oliver Collyertag:help.appveyor.com,2012-11-13:Comment/483795342021-04-12T21:57:35Z2021-04-12T21:57:35ZHow to renew Lets Encrypt cert on self-hosted AppVeyor<div><p>Oh, of course it expects 80 port available for renewal (which I agree is a weird requirement). The error is confusing though. Thanks for update!</p></div>Feodor Fitsner