Acme Challenge, not working

grep is not recognized on Windows “cmd”

open elevated command prompt (run as admin)
netstat -nabp tcp
show lines with :80 (include executable/program)


OK now I'm confused.
When you said

did you mean Microsoft Windows or just some "command window" ?

Microsoft Windows, so I downloaded the Cygwin terminal and the "command" worked.

So you're running IIS,
which is probably already running on port 80.
You can’t run acme.sh in --standalone mode unless you temporarily stop IIS (or move IIS to another port - not 80).

Let me try a different port.

IIS can be moved to a different port.
[not sure what your final configuration needs to be]

But acme.sh will only authenticate via your EXTERNALIP.80
[http://your.domain/.well-known/acme-challenge/{LotsOfChars}]

No, there is an option in the client to change the port; check this:

logfile (2).txt (54.0 KB)

[Fri Oct 25 01:13:51 EDT 2019] response='{"type":"http-01","status":"invalid","error":{"type":"urn:ietf:params:acme:error:unauthorized","detail":"Invalid response from http://server.******.net/.well-known/acme-challenge/MOXZacAaZGlbcpjZh2WYngdmNatEgFgt15PY7NS4WW4 [**.**.***.109]: \"\u003c!DOCTYPE html PUBLIC \\\"-//W3C//DTD XHTML 1.0 Strict//EN\\\" \\\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\\\"\u003e\\r\\n\u003chtml xmlns=\\\"http\"","status": 403},"url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/929571243/vrvIVw","token":"MOXZacAaZGlbcpjZh2WYngdmNatEgFgt15PY7NS4WW4","validationRecord":

The server responds with error 403
in short: “unauthorized”

This doesn’t seem to be a problem with the cert nor with the acme client.

It seems to me that you are trying to do something you have never done before.

I feel you should read up on how things work in your particular scenario first; and then try issuing a cert from the LE staging environment.

Can you give me reference link or something.

I don’t even know what you're trying to do with this Windows system.
[Why you chose Windows core… Why it’s running IIS… Why it’s running CYGWIN…]
The only thing I can be certain of is why you chose LetsEncrypt [that was obvious]
Unfortunately, except for LE, this is not a forum for any of them; and you wouldn’t get the best help nor the fastest solution to them here.

Nonetheless, here are some basic links covering things (I can see that) you are using:

https://docs.microsoft.com/en-us/windows-server/administration/server-core/server-core-manage
https://manage.iis.net/
https://github.com/Neilpang/acme.sh/wiki

That option doesn't do what you've assumed. It changes the port that acme.sh listens on, but not the port that the certificate authority connects on when validating your control of the domain. This is intended to be used in cases where you have a port forwarding set up on a router or firewall.

In all cases, the certificate authority will connect to your public port 80 to verify the HTTP-01 challenge. If that is being used by your IIS process, you'll need to stop it when performing this validation step, or else use a method other than --standalone.
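
Added example (not written by any poster in this thread, and not acme.sh code): a Python helper that reads a failed http-01 challenge object like the one in the log above and tells whether the body the CA fetched from port 80 has the key-authorization format or is an HTML page from some other web server. The sample JSON, hostname, IP, token and all function names are constructed for illustration.

```python
import json
import re

# Constructed sample shaped like the challenge object in the log above.
# Hostname, IP and token are placeholders, not values from the thread.
SAMPLE = json.dumps({
    "type": "http-01", "status": "invalid", "token": "tok_EXAMPLE-123",
    "error": {
        "type": "urn:ietf:params:acme:error:unauthorized",
        "status": 403,
        "detail": 'Invalid response from http://www.example.test/.well-known/'
                  'acme-challenge/tok_EXAMPLE-123 [203.0.113.10]: '
                  '"<!DOCTYPE html PUBLIC \\"-//W3C//DTD XHTML 1.0 Strict//EN\\""',
    },
})

DETAIL_RE = re.compile(r'Invalid response from (http://\S+) \[([^\]]+)\]: "(.*)"$', re.S)
THUMBPRINT_RE = re.compile(r"[A-Za-z0-9_-]{43}")  # base64url SHA-256, unpadded


def is_key_authorization(body, token):
    """RFC 8555 section 8.1: the body must be token + '.' + JWK thumbprint."""
    body, prefix = body.strip(), token + "."
    return body.startswith(prefix) and bool(THUMBPRINT_RE.fullmatch(body[len(prefix):]))


def diagnose(challenge_json):
    """Classify a failed http-01 challenge from the CA's error detail (heuristic)."""
    ch = json.loads(challenge_json)
    err = ch.get("error") or {}
    result = {"verdict": "not-a-failed-http-01", "url": None, "http_status": err.get("status")}
    if ch.get("type") != "http-01" or ch.get("status") != "invalid":
        return result
    m = DETAIL_RE.search(err.get("detail", ""))
    if not m:
        return dict(result, verdict="unparsed-detail")
    url, _validated_ip, body = m.groups()
    if is_key_authorization(body, ch.get("token", "")):
        verdict = "key-authorization-served"   # well-formed, but not the value the CA expected
    elif body.lstrip().lower().startswith(("<!doctype", "<html")):
        verdict = "other-web-server-answered"  # e.g. a site already bound to public port 80
    else:
        verdict = "unexpected-body"
    return dict(result, verdict=verdict, url=url)


if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

An `other-web-server-answered` verdict with an HTML body matches the situation described above: the request on public port 80 reached a different server than the ACME client's standalone listener.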
