Renewal stuck on Send GET to https://acme-v02.api.letsencrypt.org/directory

[eliassal]

Hi, I am trying to renew my certificate for IIS, I noticed that the schedueled task gets hanged and keeps in status running, I issued

wacs --renew --force --verbose

and it gets stuck as follows

and after 1 hour I broke the sessionn

in the log I have same thing

2024-04-30 13:19:10.131 +02:00 [DBG] secrets.json not found
2024-04-30 13:19:10.454 +02:00 [INF] Arguments: --renew --force --verbose
2024-04-30 13:19:10.702 +02:00 [DBG] Renewal period: 365 days
2024-04-30 13:19:10.705 +02:00 [VRB] Sending e-mails false
2024-04-30 13:19:10.764 +02:00 [INF] Software version 2.1.20.1185 (release, trimmed, standalone, 64-bit) started
2024-04-30 13:19:10.764 +02:00 [INF] Connecting to "https://acme-v02.api.letsencrypt.org/"...
2024-04-30 13:19:10.851 +02:00 [VRB] SecurityProtocol setting: "SystemDefault"
2024-04-30 13:19:10.905 +02:00 [DBG] Send GET to "https://acme-v02.api.letsencrypt.org/directory"
2024-04-30 13:31:18.344 +02:00 [INF] Arguments: --renew --baseuri https://acme-v02.api.letsencrypt.org/
2024-04-30 13:31:18.515 +02:00 [INF] Software version 2.1.20.1185 (release, trimmed, standalone, 64-bit) started
2024-04-30 13:31:18.517 +02:00 [INF] Connecting to "https://acme-v02.api.letsencrypt.org/"...

the log for the shedueled task also gets stuck

2024-04-30 11:59:55.919 +02:00 [INF] Arguments: --renew --baseuri https://acme-v02.api.letsencrypt.org/
2024-04-30 11:59:56.199 +02:00 [INF] Software version 2.1.20.1185 (release, trimmed, standalone, 64-bit) started
2024-04-30 11:59:56.201 +02:00 [INF] Connecting to "https://acme-v02.api.letsencrypt.org/"...

Thanks for your help

[WouterTinus]

Let me guess, this is an AWS VM?

[eliassal]

No @WouterTinus , it is a win 2k19 VM on Hyper-V on-prem

[WouterTinus]

I would recommend trying different values for the proxy setting, see for options here:

https://www.win-acme.com/reference/settings

[eliassal]

I dont have any proxy, which proxy you are refering to?

[WouterTinus]

Regardless, the software will try to detect if you have a proxy, which has been known to cause issues sometimes. So I recommend to change the detection method or disable proxy detection all together.

[eliassal]

@WouterTinus I disabled proxy as follows

rerun
wacs --renew --force --verbose

same thing is happening, tool gets stuck at "Send get to ........"

[WouterTinus]

The null hould be without quotes, sorry if that's not clear from the docs 😄

[eliassal]

Thanks, ye it went through and certificate was renewed.

However, I have modified the RenewalDays settings in settings.json in section "ScheduledTask" but still the renewal was only for 3 months as you can notice in the snapshot

Does this mean that this parameter is not considered when we run the renewal from commandline?
Thanks again fort your help

[WouterTinus]

It's one of the things that is considered but in this case the actual certificate expiry date wins 😄

[eliassal]

Not sure I understand why "actual certificate expiry date wins" If I renew it with indicating to be 365 days instead of 55? Do you mean that next time I renew in 55 days the 365 will win?

[WouterTinus]

The validity date is generally up to the certificate provider, not up to the client. Let's Encrypt won't issue anything valid longer (or shorter) than 90 days.

[eliassal]

OK, got it. so the schedueled task created by the client will run everyday and on the day 90 will do the renewal?

[WouterTinus]

Release 2.2.9 contains a fix that automatically disables proxy detection after a 30 second timeout.