Hi, I had root certificate issues with R3 and the DC A certificates that expired in September 2021. So I recreated the certificates, but I used the domain name - which worked correctly and it gave me the certificate and i corrected the bindings in IIS.
But then I found that i was no longer able to go www.domain.com, and i could only do https://domain.com.
So i sorted out the URL bindings and regenerated the certificate, and then I realised what my issue was, so I reverted back - but now I am in a bind as I have requested the certificate more than 5 times in the last 168 hours…
How do I go about fixing this issue and getting back on track? Or do I need to wait for some time until I am able to regenerate or issue the certificate again?
H,
This is a known issue affecting some users who didn’t have the new Let’s Encrypt root certificate installed ISRG Root X1 (self signed)
If you install the latest Certify The Web this certificate will be automatically added to your servers certificate trusts store and you will be able to build new certificates, alternatively you can install it manually if you haven’t got it already. Let's Encrypt DST Root CA X3 expiry Sept 30th 2021 | Certify The Web Docs
As your server has repeatedly attempted to order a certificate and failed you will need to wait 1 week for the Let’s Encrypt rate limit to reset, then renewals will automatically resume as normal, as long as you have the ISRG Root X1 certificate installed. Root certificate updates are a normal part of automatic windows updates, so you should ideally review why your server is not receiving these.
You will not be able to generate the same certificate again until the rate limit expires but you could consider the following workarounds:
- Change certificate authority (e.g. switch to ZeroSSL)
- or, modify the domains on your certificate to add or remove a subdomain- Let’s Encrypt will see this as a new certificate order.