The operating system my web server runs on is (include version): Windows Server 2019
Dear Team, please help me with the solution for getting an SSL certificate. I tried with CertifyTheWeb and win-acme.v2.2.9.1701.x64.pluggable, but both are getting an error for HTTP.
Our main domain is hosted on Amazon, and our other subdomains are running fine: "pacs.holycrosskottiyam.org & patient.holycrosskottiyam.org & hms.holycrosskottiyam.org\histree".
Your server is not replying to the Let's Encrypt HTTP challenge request properly.
You are rejecting the request with a 403 Forbidden response. It is likely for the same reason shown by the Let's Debug test site:
You need to review your IIS config to see why it does that. Below is a thread at the Certify The Web community that gives some things to check. I don't know IIS very well myself but this thread contains comments from the author of CTW.
@rajkamal when you use HTTP domain validation the certificate authority (Let's Encrypt) makes an http request to TCP port 80.
Meanwhile, your ACME client (win-acme or Certify The Web) spins up its own TCP port 80 listener in front of IIS, just to answer that http challenge.
On your domains however, you are redirecting to https (TCP port 443) immediately, via Amazon CloudFront, before the request reaches your server. So the "Self-hosting" aspect of the ACME client you are using gets skipped completely and you instead have to serve your HTTP challenge response file via your web server (IIS). This means IIS needs to know to allow the request, especially if you have content management systems or apps handling routing for incoming requests.
In the case of Certify The Web (which I work on), the app will configure a fallback response via IIS by writing the file to the /.well-known/acme-challenge/ path of your website, if it can, and attempting to configure a web.config on that folder to allow extensionless text files to be served. We also add a test configcheck file so you can see if that's accessible (which it is): https://esspmobapp.holycrosskottiyam.org/.well-known/acme-challenge/configcheck
As I can see the configcheck file, http domain validation will work with Certify The Web, so I suspect you've already succeeded and just haven't updated this thread yet.
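
One way to see where a 403 like the one in this thread comes from, as an added example that is not part of the original posts: the script requests the challenge path over plain HTTP, follows each redirect by hand, and reports the status and `Server` header of every hop, so a rejection at the CDN can be told apart from one at IIS. The function names and the User-Agent string are assumptions made for the example.

```python
import http.client
import sys
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 303, 307, 308)

def trace_challenge(url, max_hops=5, timeout=10):
    """Request url, following redirects by hand; return (url, status, server) per hop."""
    hops = []
    for _ in range(max_hops):
        parts = urlsplit(url)
        conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                    else http.client.HTTPConnection)
        # Note: the HTTPS hop verifies the certificate here, so a TLS error at
        # that hop raises instead of being reported as a status code.
        conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
        try:
            path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
            conn.request("GET", path, headers={"User-Agent": "acme-path-check"})
            resp = conn.getresponse()
            resp.read()
            location = resp.getheader("Location")
            hops.append((url, resp.status, resp.getheader("Server", "")))
        finally:
            conn.close()
        if resp.status not in REDIRECTS or not location:
            break
        url = urljoin(url, location)
    return hops

def diagnose(hops):
    """Summarise the final hop: which status ended the chain and who sent it."""
    if not hops:
        return "no response"
    _, status, server = hops[-1]
    if status == 200:
        return "reachable after redirect" if len(hops) > 1 else "reachable"
    if status in REDIRECTS:
        return "still redirecting after %d hops" % len(hops)
    if status in (401, 403):
        return "blocked with %d by %s" % (status, server or "unknown server")
    return "unexpected status %d" % status

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check.py http://<host>/.well-known/acme-challenge/configcheck")
    result = trace_challenge(sys.argv[1])
    for hop_url, hop_status, hop_server in result:
        print(hop_status, hop_server or "-", hop_url)
    print(diagnose(result))
```

Run it from a machine outside your network, since the validation request also arrives from the public internet.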