How to renew Lets Encrypt cert on self-hosted AppVeyor

Oliver Collyer's Avatar

Oliver Collyer

03 Jun, 2020 09:25 AM

So a while back I got things working with Lets Encrypt (

60 days later it's expired but AppVeyor has not automatically renewed it.

Is this something I need to do manually, and if so how would I do it? I found some instructions relating to AppVeyor Enterprise, but that details a different approach for originally setting up Lets Encrypt. I just used the AppVeyor build-in web-interface.

Any advice appreciated. I suppose I could just delete the cert and get a new one?

  1. 1 Posted by Oliver Collyer on 03 Jun, 2020 10:20 AM

    Oliver Collyer's Avatar

    So in the end I've just deleted the cert from %ProgramData%\AppVeyor\Server and then gone through the usual steps again and that has worked.

    Can I request a feature for this to be automatically done by AppVeyor if that is possible?

  2. Support Staff 2 Posted by Feodor Fitsner on 03 Jun, 2020 05:15 PM

    Feodor Fitsner's Avatar

    In theory, it should be renewed automatically 30 days before expiration. There is a constant task running on a background every 1 hour checking the cert. Must be something went wrong. Are there any errors/warnings in AppVeyor Event Log?

  3. Feodor Fitsner closed this discussion on 03 Aug, 2020 09:03 PM.

  4. Oliver Collyer re-opened this discussion on 09 Apr, 2021 12:43 PM

  5. 3 Posted by Oliver Collyer on 09 Apr, 2021 12:43 PM

    Oliver Collyer's Avatar

    So this has continued to happen every time it needs to renew, and today I finally got around to checking the log, which has the following entry:

    Category: Appveyor.Services.SslManagementService
    EventId: 0

    Cannot renew Let's Encrypt certificate: Fail to load resource from ''.
    urn:ietf:params:acme:error:badNonce: JWS has an invalid anti-replay nonce: "0003l5k9IZK-JykwwzeedaBjHq9o11vhjtDI7ZCS0iuo4o4"

  6. 4 Posted by Oliver Collyer on 09 Apr, 2021 12:48 PM

    Oliver Collyer's Avatar

    Also, just to add, that I got an email from Lets Encrypt today saying it was time to renew (with 30 days left), and so far there are two entries for the above error in the log (but with a different anti-replace nonce each time).

    The entires are spaced exactly an hour apart, so I'm guessing it will try this every hour now that it has started trying to renew.

  7. Support Staff 5 Posted by Feodor Fitsner on 12 Apr, 2021 06:13 PM

    Feodor Fitsner's Avatar

    Is it install on Windows, Linux or macOS?

  8. 6 Posted by Oliver Collyer on 12 Apr, 2021 07:17 PM

    Oliver Collyer's Avatar


    It’s Windows - I think I figured it out though.

    I didn’t realise that it was necessary to have port 80 open on my router and forwarded to my server, for the renewal to work. So once I did this, and then restarted the server, it renewed.

    Ideally I wouldn’t have to leave port 80 open like that, perhaps it can be improved.

    This thread has a discussion on this very topic



  9. Support Staff 7 Posted by Feodor Fitsner on 12 Apr, 2021 09:57 PM

    Feodor Fitsner's Avatar

    Oh, of course it expects 80 port available for renewal (which I agree is a weird requirement). The error is confusing though. Thanks for update!

  10. Feodor Fitsner closed this discussion on 13 Jun, 2021 09:03 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac