404 acme challenge for some domains

hi, need some help please.

I am trying to get certificate for iis 8… spent some time to fix acme challenge, but the problem was not in my settings:

  1. first domain i tried was: 1s.some-domain.ru
  2. i got 404 error…
  3. then i tried second domain: nt.domain.ru and i got certificate…
  4. first and second domain points to same iis ip address and uses same webroot dir.
  5. after that i tried nt.some-domain.ru and again got the 404 error…

maybe there is some domain name restriction?

I ran this command:
i used letsencrypt-win-simple.V1.9.6.2
It produced this output:
404 error
My web server is (include version):
iis 8
The operating system my web server runs on is (include version):
win 2012 r2
I can login to a root shell on my machine (yes or no, or I don’t know):
yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
no

thank you.

what commands are you running in letsencrypt-win-simple?

did you check their github for any issues similar to what you are reporting?

I have used letsencrypt-win-simple before

Any chance you can paste the logs?

404 errors are usually related to web server configurations

Andrei

commands… new cert, first binding… --test when starting app.
logs:
ACME server reported “detail” "Invalid response from http://1s.some-domain.ru/.well-known/acme-challenge/1kUAgas9hIlAcZ79-9lhF2BRrOyXExDjzYwehYSuzhg: "

404 Not Found

Not Found

you are saying that more likely it's a web server misconfig… but how does it work on a different domain name?? same web server… same settings… diff domain…

on nt.domain.ru all works perfectly: Adding new https binding for “nt.domain.ru

hi @yame

I think it's possibly a MIME issue. Note: you will need to set this up for each site in IIS

Part 4 of this article describes this. I had 404s which is why i think it’s the first thing to check

https://www.linkedin.com/pulse/lets-encrypt-part-1-issuing-installing-certificates-andrei-hawke/

Andrei

hi Andrei, i have same name :slight_smile:

  1. i setup two different sites on one server…
  2. one site can pass acme challenge and another cannot.

how can i send private message to you? i can send all the logs.

Andrei i am writing to DNS provider now to make them remove AAAA records… i feel like it is the answer… thank you a lot.

ok, I've tested it, removed my AAAA records from DNS and all works fine now, letsencrypt prefers IPv6 DNS requests.
thank you ahaw021!
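
The cause found in the last post can be checked before requesting a certificate. This is an added example, not code from the thread or from letsencrypt-win-simple: it requests a test file under the challenge path from each A and AAAA address of the name separately and flags the case where IPv4 answers 200 and IPv6 does not. The host name, the test file name and the function names are placeholders chosen for the example.

```python
import http.client
import socket

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"

def resolve(host):
    """Return the sorted IPv4 and IPv6 addresses the system resolver gives for host."""
    found = set()
    for family in (socket.AF_INET, socket.AF_INET6):
        try:
            infos = socket.getaddrinfo(host, 80, family, socket.SOCK_STREAM)
        except socket.gaierror:
            continue  # no record of this family
        found.update(info[4][0] for info in infos)
    return sorted(found)

def probe(host, ip, token, timeout=10):
    """GET the challenge path from one address, sending the site's Host header."""
    conn = http.client.HTTPConnection(ip, 80, timeout=timeout)
    try:
        conn.request("GET", CHALLENGE_PREFIX + token, headers={"Host": host})
        return conn.getresponse().status
    except (OSError, http.client.HTTPException) as exc:
        return "error: %s" % exc
    finally:
        conn.close()

def diagnose(statuses):
    """Classify {ip: status}; IPv6 literals are recognised by the ':' they contain."""
    if not statuses:
        return "no-addresses"
    v4 = [s for ip, s in statuses.items() if ":" not in ip]
    v6 = [s for ip, s in statuses.items() if ":" in ip]
    if all(s == 200 for s in v4 + v6):
        return "ok"
    if v4 and all(s == 200 for s in v4) and any(s != 200 for s in v6):
        return "ipv6-mismatch"  # the thread's case: the AAAA record leads somewhere else
    return "failing"

if __name__ == "__main__":
    host, token = "www.example.com", "test.txt"  # placeholders: your name, your test file
    statuses = {ip: probe(host, ip, token) for ip in resolve(host)}
    for ip, status in statuses.items():
        print(ip, status)
    print(diagnose(statuses))
```

Place the test file in the site's `.well-known/acme-challenge` directory first; an `ipv6-mismatch` result means the AAAA record should be corrected or removed, as was done here.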
