404 acme challenge for some domains

hi, need some help please.

iam trying to get certificate for iis 8… spent some time to fix acme challenge, but the problem was not in my settings:

  1. first domain i tried was: 1s.some-domain.ru
  2. i got 404 error…
  3. then i tried second domain: nt.domain.ru and i got certificate…
  4. first and second domain points to same iis ip address and uses same webroot dir.
  5. after that i tried nt.some-domain.ru and again got the 404 error…

maybe where is some domain name restriction?

I ran this command:
i used letsencrypt-win-simple.V1.9.6.2
It produced this output:
404 error
My web server is (include version):
iis 8
The operating system my web server runs on is (include version):
win 2012 r2
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

tnank you.

what commands are you running in letsencryp-win-simple

did you check their github for any issues similar to what you are reporting?

I have used letsencrypt-win-simple before

Any chance you can paste the logs

404 errors are usually related to web server configurations


commands… new cert, first binding… --test when starting app.
ACME server reported “detail” "Invalid response from http://1s.some-domain.ru/.well-known/acme-challenge/1kUAgas9hIlAcZ79-9lhF2BRrOyXExDjzYwehYSuzhg: "

404 Not Found

Not Found

you saying that more likely its web server missconfig… but how it works on different domain name?? same web server… same settings… diff domain…

on nt.domain.ru all works perfectly: Adding new https binding for “nt.domain.ru

hi @yame

I think its possibly a MIME issue. Note: you will need to set this up for each site in IIS

Part 4 of this article describes this. I had 404s which is why i think it’s the first thing to check



hi Andrei, i have same name :slight_smile:

  1. i setup two different sites on one server…
  2. one site can pass acme challenge and another cannot.

how can i send private message to you? i can send all the logs.


Andrei i am writing to DNS provider now to make them remove AAAA records… i feel like it is the answer… thank you a lot.

1 Like


1 Like

ok, i’v tested it, removed my AAAA records from DNS and all works fine now, letsencrypt prefers IPv6 DNS requests.
thank you ahaw021!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.