I’m testing the software out as a POC to automate our renewals through GoDaddy as our CA and using IIS. I’ve gotten as far as trying to renew an existing certificate but keep getting an error that says :
“Fail to load resource from ‘https://acme.godaddy.com/v1/acme/new-order’.
urn:ietf:params:acme:error:serverInternal: Server encountered an unexpected error when attempting to create the new order. [You do not have an available product]”
The cert type I’m trying to renew is supported for ACME and all tests pass. I’m at a standstill.
Hi, I haven’t tried the GoDaddy ACME service (I didn’t actually know they had one) but if it’s ACME V1 it will not be compatible with our app, we use ACME V2 (which dates back to 2018).
If GoDaddy could recommend an ACME V1 client that still works yo could use that to get your certificate, then convert to PFX and deploy to IIS using powershell. The main steps are:
- Prepare your PFX file (container for the cert, intermediate certs and private key, password optional)
- Import the PFX in the Local Machine certificate store (Personal or Web Hosting stores).
- Add/update your sites https binding to use the thumbprint/hash of the new certificate.
Thank you. It doesn’t seem like anyone knows that GoDaddy has the service because examples and documentation are proving difficult to find. The only guide they provide is very loose and geared toward certbot, however I don’t think certbot provides the full automation that I was looking for in your tool.
I did reach out to GoDaddy’s support and they indicated that it might be because we don’t have external DNS set up for the site. I don’t want to set it up because it’s only a POC test server to see if this would work for us. Can you confirm that this process would only work if the server is set up that way?
I think they are getting confused with ACME DNS validation, which is part of ACME certificate renewal (you would generally use either http validation or DNS validation) and will be much more common from a support perspective.
There ACME CA may work, but it requires a tool that’s ACME v1 compatible, I’m not sure if certbot still is but if it is then you could use that to create the certificate files, then script the conversion to PFX etc.