How to renew Let's Encrypt cert on self-hosted AppVeyor

Oliver Collyer

03 Jun, 2020 09:25 AM

So a while back I got things working with Let's Encrypt (https://help.appveyor.com/discussions/problems/26476-self-hosted-cant-get-lets-encrypt-working)

60 days later it's expired but AppVeyor has not automatically renewed it.

Is this something I need to do manually, and if so how would I do it? I found some instructions relating to AppVeyor Enterprise, but that details a different approach for originally setting up Let's Encrypt. I just used the AppVeyor built-in web interface.

Any advice appreciated. I suppose I could just delete the cert and get a new one?

  1. 1 Posted by Oliver Collyer on 03 Jun, 2020 10:20 AM

    So in the end I've just deleted the cert from %ProgramData%\AppVeyor\Server and then gone through the usual steps again and that has worked.

    Can I request a feature for this to be automatically done by AppVeyor if that is possible?

  2. Support Staff 2 Posted by Feodor Fitsner on 03 Jun, 2020 05:15 PM

    In theory, it should be renewed automatically 30 days before expiration. There is a constant task running in the background every 1 hour checking the cert. Something must have gone wrong. Are there any errors/warnings in AppVeyor Event Log?

  3. Feodor Fitsner closed this discussion on 03 Aug, 2020 09:03 PM.

  4. Oliver Collyer re-opened this discussion on 09 Apr, 2021 12:43 PM

  5. 3 Posted by Oliver Collyer on 09 Apr, 2021 12:43 PM

    So this has continued to happen every time it needs to renew, and today I finally got around to checking the log, which has the following entry:

    Category: Appveyor.Services.SslManagementService
    EventId: 0

    Cannot renew Let's Encrypt certificate: Fail to load resource from 'https://acme-v02.api.letsencrypt.org/acme/new-order'.
    urn:ietf:params:acme:error:badNonce: JWS has an invalid anti-replay nonce: "0003l5k9IZK-JykwwzeedaBjHq9o11vhjtDI7ZCS0iuo4o4"

  6. 4 Posted by Oliver Collyer on 09 Apr, 2021 12:48 PM

    Also, just to add that I got an email from Let's Encrypt today saying it was time to renew (with 30 days left), and so far there are two entries for the above error in the log (but with a different anti-replay nonce each time).

    The entries are spaced exactly an hour apart, so I'm guessing it will try this every hour now that it has started trying to renew.

  7. Support Staff 5 Posted by Feodor Fitsner on 12 Apr, 2021 06:13 PM

    Is it installed on Windows, Linux or macOS?

  8. 6 Posted by Oliver Collyer on 12 Apr, 2021 07:17 PM

    Hello

    It’s Windows - I think I figured it out though.

    I didn’t realise that it was necessary to have port 80 open on my router and forwarded to my server, for the renewal to work. So once I did this, and then restarted the server, it renewed.

    Ideally I wouldn’t have to leave port 80 open like that, perhaps it can be improved.

    This thread has a discussion on this very topic

    https://community.letsencrypt.org/t/is-port-80-required-for-renewals/121432/3

    Regards

    Oliver

  9. Support Staff 7 Posted by Feodor Fitsner on 12 Apr, 2021 09:57 PM

    Oh, of course it expects port 80 to be available for renewal (which I agree is a weird requirement). The error is confusing though. Thanks for the update!
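
An added example, not part of the original thread and not AppVeyor code: a small external monitor for the failure mode discussed above, where a certificate sits inside the 30-day renewal window without being renewed and port 80 is not reachable. The `GRACE` value, the state names and the function names are assumptions; run it from a machine outside the server's network so the port check reflects what the CA sees.

```python
import socket
import ssl
import sys
from datetime import datetime, timedelta, timezone

RENEW_WINDOW = timedelta(days=30)  # renewal starts 30 days before expiry (per the thread)
GRACE = timedelta(days=2)          # assumption: tolerate two days of failed hourly retries

def classify(not_after: str, now: datetime) -> str:
    """Classify a certificate by its notAfter string (getpeercert() format)."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    remaining = expires - now
    if remaining <= timedelta(0):
        return "expired"
    if remaining > RENEW_WINDOW:
        return "ok"
    if remaining > RENEW_WINDOW - GRACE:
        return "renewing"
    return "renewal-overdue"  # inside the window too long: renewals are failing

def fetch_not_after(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Return notAfter of the served certificate.
    An already expired certificate raises ssl.SSLCertVerificationError instead."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]

def port_open(host: str, port: int = 80, timeout: float = 5.0) -> bool:
    """True if a TCP connection succeeds; only meaningful from outside the network."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    host = sys.argv[1]  # the server's public hostname
    try:
        state = classify(fetch_not_after(host), datetime.now(timezone.utc))
    except ssl.SSLCertVerificationError as exc:
        state = f"invalid ({exc.verify_message})"
    print(f"{host}: certificate {state}; port 80 reachable: {port_open(host)}")
    sys.exit(0 if state in ("ok", "renewing") else 1)
```

The non-zero exit code on `renewal-overdue`, `expired` or `invalid` lets a scheduled task or cron job raise an alert well before the certificate lapses.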
