Preview is OK but failed to get certificate

Hello,
windows 2012 + .net 4.6.2
Preview passed, but always throw exception

See logs:

2020-03-08 07:34:11.557 +08:00 [INF] Certify/4.1.7.0 (Windows; Microsoft Windows NT 6.2.9200.0)
2020-03-08 07:34:11.559 +08:00 [INF] Beginning Certificate Request Process: www.haruplus.com using ACME Provider:Certes
2020-03-08 07:34:11.562 +08:00 [INF] 注册域名标识符
2020-03-08 07:34:11.878 +08:00 [ERR] BeginCertificateOrder: creating/retrieving order. Retries remaining:2
2020-03-08 07:34:19.073 +08:00 [INF] Created ACME Order: ---- removed – reportd new user only 2 links :frowning:
2020-03-08 07:34:19.508 +08:00 [INF] Fetching Authorizations.
2020-03-08 07:34:21.664 +08:00 [INF] Got ---- removed – reportd new user only 2 links:(
2020-03-08 07:34:22.334 +08:00 [INF] Order authorizations already completed.
2020-03-08 07:34:22.507 +08:00 [INF] 正在申请证书
2020-03-08 07:34:39.080 +08:00 [ERR] Certificate request process failed: Org.BouncyCastle.Pkix.PkixCertPathBuilderException: Certification path could not be validated. —> Org.BouncyCastle.Pkix.PkixCertPathValidatorException: Could not validate certificate: certificate not valid until 20200308063435GMT+00:00
在 Org.BouncyCastle.Pkix.Rfc3280CertPathUtilities.ProcessCertA(PkixCertPath certPath, PkixParameters paramsPKIX, Int32 index, AsymmetricKeyParameter workingPublicKey, X509Name workingIssuerName, X509Certificate sign)
在 Org.BouncyCastle.Pkix.PkixCertPathValidator.Validate(PkixCertPath certPath, PkixParameters paramsPkix)
在 Org.BouncyCastle.Pkix.PkixCertPathBuilder.Build(X509Certificate tbvCert, PkixBuilderParameters pkixParams, IList tbvPath)
在 Org.BouncyCastle.Pkix.PkixCertPathBuilder.Build(PkixBuilderParameters pkixParams)
在 Certes.Pkcs.PfxBuilder.FindIssuers()
在 Certes.Pkcs.PfxBuilder.Build(String friendlyName, String password)
在 Certify.Providers.Certes.CertesACMEProvider.ExportFullCertPFX(String certFriendlyName, IKey csrKey, CertificateChain certificateChain, String pfxFile)
在 Certify.Providers.Certes.CertesACMEProvider.d__30.MoveNext()
在 System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
在 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
在 System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
在 Certify.Management.CertifyManager.d__12.MoveNext() 位置 C:\Work\GIT\certify_4.x\src\Certify.Core\Management\CertifyManager\CertifyManager.CertificateRequest.cs:Line 744
在 System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
在 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
在 System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)
在 Certify.Management.CertifyManager.d__11.MoveNext() 位置 C:\Work\GIT\certify_4.x\src\Certify.Core\Management\CertifyManager\CertifyManager.CertificateRequest.cs:Line 557
在 System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
在 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
在 Certify.Management.CertifyManager.d__8.MoveNext() 位置 C:\Work\GIT\certify_4.x\src\Certify.Core\Management\CertifyManager\CertifyManager.CertificateRequest.cs:Line 333

Hi, your system time is slightly out compared to internet time, so your certificate is not valid until the future. Update your servers date/time settings to sync from an internet time server.

If you have fetched the cert multiple times and it’s failed repeatedly you might hit a Let’s Encrypt rate limit (too many certificates issued for exact set of domains) but they go away after a few days or you can add another sub-domain to the certificate if required.