ACME Server was probably unable

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: remote.fitch.ca, smtp.fitch.ca, access.fitch.ca

I ran this command:
letsencrypt win-simple: manual cert, remote.fitch.ca

It produced this output:
The ACME server was probably unable to reach http://remote.fitch.ca/.well-known/acme-challenge/

My web server is (include version): IIS 7.5

The operating system my web server runs on is (include version): Windows 2008 R2

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

A note, this doesn’t work on multiple web servers. I’ve tested the challenge file, and it’s present and accessible both inside the network and from external (phone) devices. DNS resolution seems to be fine. I’ve renewed these domains regularly for several years and then all of a sudden multiple servers fail, though they serve up the files as required.

2

Hi @Fitch

I see a different result ( https://check-your-website.server-daten.de/?q=remote.fitch.ca ):

Domainname Http-Status redirect Sec. G
http://remote.fitch.ca/
209.151.138.132 302 HTTPS://REMOTE.FITCH.CA/ 0.294 A
https://remote.fitch.ca/
209.151.138.132 302 HTTPS://remote.fitch.ca/remote 1.717 B
HTTPS://remote.fitch.ca/remote 302 https://remote.fitch.ca/Remote/logon?ReturnUrl=%2Fremote 2.627 B
https://remote.fitch.ca/Remote/logon?ReturnUrl=%2Fremote 200 2.400 B
http://remote.fitch.ca/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
209.151.138.132 302 HTTPS://REMOTE.FITCH.CA/.WELL-KNOWN/ACME-CHALLENGE/CHECK-YOUR-WEBSITE-DOT-SERVER-DATEN-DOT-DE 0.243 A
Visible Content: Object moved to here .
HTTPS://REMOTE.FITCH.CA/.WELL-KNOWN/ACME-CHALLENGE/CHECK-YOUR-WEBSITE-DOT-SERVER-DATEN-DOT-DE 404 0.427 A
Not Found
Visible Content: Server Error 404 - File or directory not found. The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.

There is a redirect http -> https. And the result url is in upper case.

Has the letsencrypt win-simple a better log with more details?

3

Interesting. Like I said I could retrieve the file just fine from my phone, no redirect or unexpected capitalization noted.

I’ll see if I can remove the redirect. Hopefully that’ll clear things up!

4

Yep, that worked! It’s a bit weird that I could retrieve the file but the ACME server couldn’t, but changing the ‘require SSL’ setting on the IIS server was able to fix the issue regardless. Thanks for your help!

1 Like
5

That's incompatible with Letsencrypt.

"require SSL" - the result: Checking a domain via http produces a http status 403 - not allowed.

So it's impossible that Letsencrypt checks the validation file.

6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.