I'm running FileZilla 1.7.3 on a Windows Server 2022. I set up Let's Encrypt through FileZilla several months ago, and it's been running and updating the certificate successfully until recently. I have not updated FileZilla, or changed anything on the server - although normal Windows Updates, etc. are happening automatically. Also checked the firewall, no changes, and still looks good.
I'm not sure how long FileZilla has been failing to renew the certificate - the log file is only retained a couple of days. Based on the certificate Expiration date, I'm guessing 6 days ago.
Log entries (5-Debug) - cleansed of identification:
2023-12-08T01:51:07.909Z == [ACME Daemon] Next certificate to be renewed is registered with the account [https://acme-v02.api.letsencrypt.org/acme/acct/****], for the domains [shadowcontrol.t***].
2023-12-08T01:51:07.909Z == [ACME Daemon] Starting renewal of certificate NOW.
2023-12-08T01:51:07.910Z == [ACME] Listening on 0.0.0.0:80.
2023-12-08T01:51:07.910Z == [ACME] Listening on [::]:80.
2023-12-08T01:51:07.910Z DD [ACME] >>> Entering do_get_certificate
2023-12-08T01:51:07.910Z DD [ACME] >>> Entering do_get_account
2023-12-08T01:51:07.910Z DI [ACME] Getting directory...
2023-12-08T01:51:07.910Z DD [ACME/HTTP Client] Connecting to acme-v02.api.letsencrypt.org:443
2023-12-08T01:51:07.910Z DD [ACME] <<< Leaving do_get_account
2023-12-08T01:51:07.910Z DD [ACME] <<< Leaving do_get_certificate
2023-12-08T01:51:08.323Z DD [ACME/HTTP Client] Certificate is trusted: no
2023-12-08T01:51:08.323Z DW [ACME/HTTP Client] ECONNABORTED - Connection aborted. Could not connect to host acme-v02.api.letsencrypt.org:443.
2023-12-08T01:51:08.323Z !! [ACME] Error: HTTP Internal error: ECONNABORTED - Connection aborted. Could not connect to host acme-v02.api.letsencrypt.org:443.
2023-12-08T01:51:08.323Z DD [ACME] Destroying.
2023-12-08T01:51:08.323Z DD [ACME] Stopping listeners.
2023-12-08T01:51:08.323Z DD [ACME] Destroying sessions.
2023-12-08T01:51:08.323Z !! [ACME Daemon] Finished renewal of certificate for the domains [shadowcontrol.t***], registered with the account [https://acme-v02.api.letsencrypt.org/acme/acct/****]. FAILED.
2023-12-08T01:51:08.323Z !! [ACME Daemon] Retrying in 300 seconds.
2023-12-08T01:51:08.327Z == [ACME Daemon] Next certificate to be renewed is registered with the account [https://acme-v02.api.letsencrypt.org/acme/acct/****], for the domains [shadowcontrol.t***].
2023-12-08T01:51:08.327Z == [ACME Daemon] It will be renewed on the date [Fri, 08 Dec 2023 01:56:08 GMT].
2023-12-08T01:51:08.327Z DW [ACME/HTTP Client] 105. Channel closed with error from source 0.
I've checked that I can get to the Let's Encrypt website from the server - all tests are good.
Any thoughts where to look next?
Could not connect to host acme-v02.api.letsencrypt.org:443
Re: Could not connect to host acme-v02.api.letsencrypt.org:443
From the log, it appears the certificate of the Let's Encrypt host is not trusted. It means the system trust store is not up to date.
FileZilla Server has no access to the trust store of the browser, which uses its own rather than the system's one, hence why the browser works.
You need to update the operating system's trust store. This is typically done by updating the OS itself.
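One way to see what the operating system itself thinks of the chain, as an added example that is not part of the original post or of FileZilla Server: the PowerShell below connects to the host named in the log and reports the verdict of the Windows certificate chain engine, which is independent of any browser trust store. It assumes outbound access on port 443 and is only a proxy for FileZilla Server's own TLS validation, which may differ in detail.

```powershell
# Added example. The host name comes from the log above; everything else is illustrative.
$hostName = 'acme-v02.api.letsencrypt.org'
$result   = @{}

# The callback records what the Windows chain engine concluded and then returns $true,
# so an untrusted chain can still be inspected. No data is sent over this connection.
$callback = [System.Net.Security.RemoteCertificateValidationCallback] {
    param($s, $cert, $chain, $errors)
    $result.Errors   = $errors
    $result.Elements = @($chain.ChainElements | ForEach-Object {
        '{0} (expires {1:u})' -f $_.Certificate.Subject, $_.Certificate.NotAfter
    })
    $result.Status   = @($chain.ChainStatus | ForEach-Object {
        '{0}: {1}' -f $_.Status, $_.StatusInformation.Trim()
    })
    $true
}

$tcp = [System.Net.Sockets.TcpClient]::new($hostName, 443)
$ssl = $null
try {
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($hostName)
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Dispose()
}

"Policy errors : $($result.Errors)"      # 'None' means the system store trusts the chain
'Chain (leaf first):'
$result.Elements | ForEach-Object { "  $_" }
$result.Status   | ForEach-Object { "Status: $_" }
```

Run it in the same context as the service where possible; a policy error of `RemoteCertificateChainErrors` together with the status lines shows which link in the chain the system does not trust.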
Re: Could not connect to host acme-v02.api.letsencrypt.org:443
Hi oibaf,
Thanks for this.
I had previously checked that there were no Windows Updates outstanding. I checked again, and there were still no Windows Updates outstanding, just the nuisance Defender Antivirus Update.
I had already checked the system trust store (MMC > local computer certificates > Trusted Root Certification Authority store > certificates). Checked again that the ISRG Root X1 certificate was there and confirmed that it appears to be up-to-date.
Tried to renew the certificate again, still no joy.
While checking this I noticed that the server had not rebooted for a couple of months, so I scheduled a reboot of the server over the weekend. And have come in this morning to see the certificate has successfully renewed!!! Mark it up to another MS glitch.
Anyhow, thanks for your confirmation that it was an issue with trusting the certificate. It stopped me going off on a tangent.
Re: Could not connect to host acme-v02.api.letsencrypt.org:443
"Have you tried turning it off and on again?"