How to install Exchange certificate with PowerShell? You already have a certificate and you want…
Let’s Encrypt unable to install certificate (0x80070520)
When installing the Let’s Encrypt certificate an error is showing, Let’s Encrypt unable to install certificate. Let’s encrypt error (COMException) Unable to install certificate: A specified logon session does not exist. It may already have been terminated. (0x80070520). After the error, the Let’s Encrypt certificate is not installed. In this article, you will learn why this is happening and the solution for Let’s Encrypt unable to install certificate (0x80070520).
Table of contents
Let’s Encrypt unable to install the certificate
The Automatic Certificate Management Environment (ACME) protocol is a communications protocol for automating interactions between certificate authorities and their users’ web servers, allowing the automated deployment of public key infrastructure at a very low cost. It was designed by the Internet Security Research Group (ISRG) for their Let’s Encrypt service.
Run Let’s Encrypt Win-ACME client and install the certificate on the system. In my example, it’s the Exchange Server. Read the article Install FREE Let’s Encrypt certificate in Exchange Server. In the last step, it’s going to install the Let’s Encrypt certificate.
Using cached order. To force issue of a new certificate within 1 days, run with the --force switch. Be ware that you might run into rate limits doing so.
Cached authorization result for autodiscover.exoip.com: valid
Cached authorization result for mail.exoip.com: valid
Requesting certificate [Manual] mail.exoip.com
Store with CertificateStore...
Installing certificate in the certificate store
Adding certificate C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3 to store WebHosting
Installation step 1/2: IIS...
Updating existing https binding :443:127.0.0.1 (flags: 0)
Updating existing https binding :443 (flags: 0)
Committing 2 https binding changes to IIS
(COMException) Unable to install certificate: A specified logon session does not exist. It may already have been terminated. (0x80070520)
Create certificate failed, retry? (y/n*)
Let’s Encrypt is installing, and the output is giving us the following error:
(COMException) Unable to install certificate: A specified logon session does not exist. It may already have been terminated. (0x80070520)
Solution for unable to install the certificate Let’s Encrypt
If you previously did run the Win-ACME client, a certificate is already downloaded on the system. We have to delete the files on the system to prevent the error from showing. Sign in to the system that is showing the error when installing the Let’s Encrypt certificate. The folder ProgramData is hidden. If you like to see the folder in File Explorer, make sure to enable hidden items.
Step 1. Delete files in Certificates folder
Start File Explorer and go to the following path:
C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Certificates
Delete all the files in the Certificates folder.
Step 2. Delete files in Orders folder
In File Explorer go to the following path:
C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Orders
Delete all the files in the Orders folder.
Run Win-ACME client
Run Win-ACME client on the system. Follow the wizard to install Let’s Encrypt certificate in Exchange Server.
Cached authorization result for autodiscover.exoip.com: valid
Cached authorization result for mail.exoip.com: valid
Requesting certificate [Manual] mail.exoip.com
Store with CertificateStore...
Installing certificate in the certificate store
Adding certificate [Manual] mail.exoip.com @ 2020/5/24 12:32:43 to store WebHosting
Installation step 1/2: IIS...
Updating existing https binding :443:127.0.0.1 (flags: 0)
Updating existing https binding :443 (flags: 0)
Committing 2 https binding changes to IIS
Installation step 2/2: Script...
Script C:\Program Files\Lets Encrypt\Scripts\ImportExchange.ps1 starting with parameters '7FEB94B25196C077F6E5DBDA651EF265CC4E7BF2' 'IIS,SMTP,IMAP' 1 'C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Certificates\mA-p-IEKGUyefhs7SIq8uA-9abaf6276b9e2fb42d8332879c4c9eb396dd699e-temp.pfx' 'sMIZHK2RfJnbRra0NkvzGbWtvxp/PtbpltrRaIy+CFg=' '[Manual] mail.exoip.com @ 2020/5/24 12:32:43'
Script finished
Scheduled task looks healthy
Adding renewal for [Manual] mail.exoip.com
Next renewal scheduled at 2020/7/18 12:32:43
This time the error did not show up. Let’s Encrypt certificate is installed successfully. Did it work for you?
Read more: Export Let’s Encrypt certificate in Windows Server »
Conclusion
In this article, you learned why Let’s Encrypt is unable to install certificate (0x80070520). Go to the specified folders and delete the files. Run the Let’s Encrypt Win-ACME client and follow the wizard to install the Let’s Encrypt certificate.
Did you enjoy this article? You may also like New-MailboxExportRequest is not recognized in Exchange Server. Don’t forget to follow us and share this article.
This Post Has 0 Comments