Renewal Failure - No order for ID XXX

Hope someone can help… I have a certificate set up with Manual DNS for verification and I have successfully updated the verification string and renewed it dozens of times, but this month I updated the string and clicked “Request Certificate” and got the following error message:

If I click “Renew All” at the top of the screen it just tells me that this certificate is paused awaiting user action. In the past, if I hadn’t updated the string, or the string was incorrect, I would get a different error message at this point that showed the correct string that needed to be configured in DNS.

Any help would be appreciated as I’ve been searching unsuccessfully for a solution for a bit now and have a few days until the certificate expires.

Thanks!!

Are you using the latest V6.0.6? This has been reported by another user but I haven’t managed to reproduce the problem yet. Try restarting the Certify background service, reopen the app and click Request Certificate again to start the process again.

If you can move away from Manual DNS you should immediately do so - we only provide it for basic testing and it’s not intended as a real way to renew certs.

Have you tried http validation and if so why does that not work for you?

Thanks for your reply. Yes, I did update the machine to 6.0.6 and have followed your suggestion to restart the Certify service, but am still getting the exact same error. The reason I can’t do an http validation is that the machine is an RDP Gateway and not a web server.

Thanks, if your server has a public dns name/ip and port 80 is open you can still do http validation - the app will launch a temporary http listener just for that purpose.

However I’d prefer to get this bug fixed, would you be able to send your C:\ProgramData\Certify\manageditems.db file and your logs from C:\ProgramData\certify\logs through to support{at}certifytheweb.com - that could help with reproducing the problem.

Regarding DNS validation, if we don’t have a built in provider for your type of DNS you could also look at Certify DNS in case you haven’t already: Certify DNS | Certify The Web Docs

It is a service we run which provides dns challenge responses. You set up a special CNAME record pointing to our service, then you never need to make any more changes to your domain's DNS for that cert.

It’s managed by us and is available as a subscription via Azure Marketplace or an annual license. While it is a small additional cost it also means you’re no longer having to perform manual dns updates for cert validation and you can use it with up to 500 different domains/subdomains.

Thanks- Sent!

I will also look into some of the other options. I host my DNS via R53, but need to look through the documentation regarding access rights that would need to be put in place.

Thanks, the Route53 provider is mature and we have docs here:

You need to allow a set of permissions such as listing zones and changing record sets, so we provide a sample policy for that.

As a follow up, we have found the problem that causes this, and a new version 6.0.7 will be released shortly. The issue was that Let’s Encrypt now appears to dispose of existing orders sooner than they used to, so it’s more likely that the order that was started will be invalid by the time you attempt to complete the DNS challenge. The app was not storing the failed attempt to resume the order as an overall failure and getting stuck in the Waiting For User/Paused state.

A workaround is to delete the managed certificate and create a new one.

This update (6.0.7) has now been released. If you resume a failing manual dns request now the order will properly fail (because the CA has expired the order in their system) and you can start again with “Request Certificate”.
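
The failure mode described in the follow-up above, sketched as an added example (this is not Certify The Web's code and not part of the original thread): when a paused manual-DNS request is resumed, the client re-checks the stored order and turns a discarded or expired order into an overall failure instead of staying paused. The `OrderLookup` model, the `resume_action` function, the action names and the use of HTTP 404 for a discarded order are assumptions made for illustration; the order statuses and the `expires` field are those of RFC 8555.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass
class OrderLookup:
    """Constructed model of what a client sees when it re-fetches a stored order URL."""
    http_status: int
    status: Optional[str] = None   # RFC 8555 order status, when an order is returned
    expires: Optional[str] = None  # RFC 3339 timestamp from the order object
    detail: Optional[str] = None   # "detail" of the problem document on an error

def resume_action(lookup: OrderLookup, now: datetime) -> tuple:
    """Return (action, reason) for a paused manual-DNS request.

    'continue'         order still usable, go on to challenge validation
    'done'             certificate was already issued for this order
    'retry_later'      transient CA-side error, keep the stored order
    'fail_and_restart' record an overall failure so a new order can be requested
    """
    if lookup.http_status == 404:  # assumption: a discarded order is reported as 404
        return "fail_and_restart", f"CA no longer has the order: {lookup.detail}"
    if lookup.http_status == 429 or lookup.http_status >= 500:
        return "retry_later", f"transient HTTP {lookup.http_status}"
    if lookup.http_status != 200:
        return "fail_and_restart", f"unexpected HTTP {lookup.http_status}"
    if lookup.status == "valid":
        return "done", "certificate already issued"
    if lookup.status == "invalid":
        return "fail_and_restart", "CA marked the order invalid"
    if lookup.expires:
        expiry = datetime.fromisoformat(lookup.expires.replace("Z", "+00:00"))
        if expiry <= now:
            return "fail_and_restart", f"order expired at {lookup.expires}"
    if lookup.status in ("pending", "ready", "processing"):
        return "continue", f"order is {lookup.status}"
    return "fail_and_restart", f"unrecognised order status {lookup.status!r}"

if __name__ == "__main__":
    now = datetime(2024, 5, 10, 12, 0, tzinfo=timezone.utc)  # constructed clock
    samples = [  # constructed lookups, not captured from a real CA
        OrderLookup(404, detail="No order for ID XXX"),
        OrderLookup(200, status="pending", expires="2024-05-03T09:00:00Z"),
        OrderLookup(200, status="pending", expires="2024-05-12T09:00:00Z"),
    ]
    for s in samples:
        print(resume_action(s, now))
```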