Attempting to validate a subdomain that needed to be moved to a new server and I'm running into an acme challenge error. There is no cname in DNS for a _acme-challenge on this domain, so I don't understand why the error.

 Target generated using plugin IIS: www2.welchsystems.com

 [www2.welchsystems.com] Authorizing...
 [www2.welchsystems.com] Authorizing using http-01 validation (SelfHosting)
 [www2.welchsystems.com] Authorization result: invalid
 [www2.welchsystems.com] {
  "type": "urn:ietf:params:acme:error:unauthorized",
  "detail": "Invalid response from https://www2.welchsystems.com/.well-known/acme-challenge/87DM7BcbmPQ2iAx0xL5gA9Pr0F09OQdp0FDjCC8nGYk [2606:4700:3036::ac43:a73a]: \"<!DOCTYPE HTML PUBLIC \\\"-//W3C//DTD HTML 4.01//EN\\\"\\\"http://www.w3.org/TR/html4/strict.dtd\\\">\\n<HTML><HEAD><TITLE>Not Found</TITLE>\\n<\"",
  "status": 403
}

Hi @jeff-irwin and welcome to the LE community forum

You should mention (and take consideration) that Cloudflare is involved:

Name:      www2.welchsystems.com
Addresses: 2606:4700:3036::ac43:a73a
           2606:4700:3034::6815:1064
           104.21.16.100
           172.67.167.58

Like: It will always redirect HTTP to HTTPS.

Your using win-acme, with the self-hosting option (it adds an http.sys listener on port 80, before IIS).

If you don't want to change cloudflare settings to allow http through you could use the "filesystem" validation option instead of selfhosting: win-acme

That way IIS will respond with the challenge response file from within the website root instead of using the built-in win-acme server.

Great point that I didn't consider...

That was it, I disabled SSL/TLS in Cloudflare and was able to validate the cert.

Very much appreciate the assist!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.