skip to Main Content

Let’s Encrypt unable to install certificate (0x80070520)

When installing the Let’s Encrypt certificate an error is showing, Let’s Encrypt unable to install certificate. Let’s encrypt error (COMException) Unable to install certificate: A specified logon session does not exist. It may already have been terminated. (0x80070520). After the error, the Let’s Encrypt certificate is not installed. In this article, you will learn why this is happening and the solution for Let’s Encrypt unable to install certificate (0x80070520).

Let’s Encrypt unable to install the certificate

The Automatic Certificate Management Environment (ACME) protocol is a communications protocol for automating interactions between certificate authorities and their users’ web servers, allowing the automated deployment of public key infrastructure at a very low cost. It was designed by the Internet Security Research Group (ISRG) for their Let’s Encrypt service.

Run Let’s Encrypt Win-ACME client and install the certificate on the system. In my example, it’s the Exchange Server. Read the article Install FREE Let’s Encrypt certificate in Exchange Server. In the last step, it’s going to install the Let’s Encrypt certificate.

 Using cached order. To force issue of a new certificate within 1 days, run with the --force switch. Be ware that you might run into rate limits doing so.
 Cached authorization result for autodiscover.exoip.com: valid
 Cached authorization result for mail.exoip.com: valid
 Requesting certificate [Manual] mail.exoip.com
 Store with CertificateStore...
 Installing certificate in the certificate store
 Adding certificate C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3 to store WebHosting
 Installation step 1/2: IIS...
 Updating existing https binding :443:127.0.0.1 (flags: 0)
 Updating existing https binding :443 (flags: 0)
 Committing 2 https binding changes to IIS
 (COMException) Unable to install certificate: A specified logon session does not exist. It may already have been terminated. (0x80070520)

 Create certificate failed, retry? (y/n*)

Let’s Encrypt is installing, and the output is giving us the following error:

(COMException) Unable to install certificate: A specified logon session does not exist. It may already have been terminated. (0x80070520)

Solution for unable to install the certificate Let’s Encrypt

If you previously did run the Win-ACME client, a certificate is already downloaded on the system. We have to delete the files on the system to prevent the error from showing. Log into the system that is showing the error when installing the Let’s Encrypt certificate. The folder ProgramData is hidden. If you like to see the folder in File Explorer, make sure to enable hidden items.

Delete files in Certificates folder

Start File Explorer and go to the following path:

C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Certificates

Delete all the files in the Certificates folder.

Lets Encrypt unable to install certificate (0x80070520) certificates folder

Delete files in Orders folder

In File Explorer go to the following path:

C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Orders

Delete all the files in the Orders folder.

Lets Encrypt unable to install certificate (0x80070520 orders folder

Run Win-ACME client

Run Win-ACME client on the system. Follow the wizard to install Let’s Encrypt certificate in Exchange Server.

 Cached authorization result for autodiscover.exoip.com: valid
 Cached authorization result for mail.exoip.com: valid
 Requesting certificate [Manual] mail.exoip.com
 Store with CertificateStore...
 Installing certificate in the certificate store
 Adding certificate [Manual] mail.exoip.com @ 2020/5/24 12:32:43 to store WebHosting
 Installation step 1/2: IIS...
 Updating existing https binding :443:127.0.0.1 (flags: 0)
 Updating existing https binding :443 (flags: 0)
 Committing 2 https binding changes to IIS
 Installation step 2/2: Script...
 Script C:\Program Files\Lets Encrypt\Scripts\ImportExchange.ps1 starting with parameters '7FEB94B25196C077F6E5DBDA651EF265CC4E7BF2' 'IIS,SMTP,IMAP' 1 'C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Certificates\mA-p-IEKGUyefhs7SIq8uA-9abaf6276b9e2fb42d8332879c4c9eb396dd699e-temp.pfx' 'sMIZHK2RfJnbRra0NkvzGbWtvxp/PtbpltrRaIy+CFg=' '[Manual] mail.exoip.com @ 2020/5/24 12:32:43'
 Script finished
 Scheduled task looks healthy
 Adding renewal for [Manual] mail.exoip.com
 Next renewal scheduled at 2020/7/18 12:32:43

This time the error did not show up. Let’s Encrypt certificate is installed successfully. Did it work for you?

Keep on reading: Export Let’s Encrypt certificate in Windows Server »

Conclusion

In this article, you learned why Let’s Encrypt is unable to install certificate (0x80070520). Go to the specified folders and delete the files. Run the Let’s Encrypt Win-ACME client and follow the wizard to install the Let’s Encrypt certificate.

Did you enjoy this article? You may also like New-MailboxExportRequest is not recognized in Exchange Server. Don’t forget to follow us and share this article.

ALI TAJRAN

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others. Read more »

This Post Has 0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top