Apache, windows, certficates failing with invalid

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: vidyasridhar.no-ip.org

I ran this command: I am using wacs v2.1.8.838 and certbot 1.5.0

It produced this output: see log below

My web server is (include version): Apache 2.4.43 x64

The operating system my web server runs on is (include version): Windows 10 Home v2004

My hosting provider, if applicable, is: self hosted

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 1.5.0

Unable to use a new domain as well as work with an existing one (vidyasridhar.no-ip.org).

I am able to browse the URL http://vidyasridhar.no-ip.org/.well-known/acme-challenge/t9wiTObVmZymj1vETNlS65b2AshroD7krcs3IKcxVl0

The .well-known and acme-challenge directories exist in my webroot. The result of that URL is some alphanumeric string, so, the server seems to be working with that URL.

Don’t know why this is happening. Please help.

Certbot log:
2020-06-25 18:50:09,697:DEBUG:certbot._internal.main:certbot version: 1.5.0
2020-06-25 18:50:09,698:DEBUG:certbot._internal.main:Arguments: [’–verbose’, ‘–standalone’]
2020-06-25 18:50:09,698:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2020-06-25 18:50:09,773:DEBUG:certbot._internal.log:Root logging level set at 10
2020-06-25 18:50:09,774:INFO:certbot._internal.log:Saving debug log to C:\Certbot\log\letsencrypt.log
2020-06-25 18:50:09,783:DEBUG:certbot._internal.plugins.selection:Requested authenticator standalone and installer None
2020-06-25 18:50:09,791:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * standalone
Description: Spin up a temporary webserver
Interfaces: IAuthenticator, IPlugin
Entry point: standalone = certbot._internal.plugins.standalone:Authenticator
Initialized: <certbot._internal.plugins.standalone.Authenticator object at 0x044FD3D0>
Prep: True
2020-06-25 18:50:09,792:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.standalone.Authenticator object at 0x044FD3D0> and installer None
2020-06-25 18:50:09,792:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator standalone, Installer None
2020-06-25 18:50:09,801:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri=‘https://acme-v02.api.letsencrypt.org/acme/acct/89721068’, new_authzr_uri=None, terms_of_service=None), 4a2e88ebaced0adae4f9f585f6a5a8e5, Meta(creation_dt=datetime.datetime(2020, 6, 25, 10, 57, 31, tzinfo=), creation_host=‘JIMMY-CLIFF’))>
2020-06-25 18:50:09,803:DEBUG:acme.client:Sending GET request to https://acme-v02.api.letsencrypt.org/directory.
2020-06-25 18:50:09,808:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org:443
2020-06-25 18:50:11,114:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “GET /directory HTTP/1.1” 200 658
2020-06-25 18:50:11,115:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 25 Jun 2020 13:20:09 GMT
Content-Type: application/json
Content-Length: 658
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
“keyChange”: “https://acme-v02.api.letsencrypt.org/acme/key-change”,
“lUItF4t-IGo”: “Adding random entries to the directory”,
“meta”: {
“caaIdentities”: [
“letsencrypt.org”
],
“termsOfService”: “https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf”,
“website”: “https://letsencrypt.org”
},
“newAccount”: “https://acme-v02.api.letsencrypt.org/acme/new-acct”,
“newNonce”: “https://acme-v02.api.letsencrypt.org/acme/new-nonce”,
“newOrder”: “https://acme-v02.api.letsencrypt.org/acme/new-order”,
“revokeCert”: “https://acme-v02.api.letsencrypt.org/acme/revoke-cert”
}
2020-06-25 18:50:11,116:DEBUG:certbot.display.ops:No installer, picking names manually
2020-06-25 18:50:29,258:INFO:certbot._internal.main:Obtaining a new certificate
2020-06-25 18:50:29,851:DEBUG:certbot.crypto_util:Generating key (2048 bits): C:\Certbot\keys\0004_key-certbot.pem
2020-06-25 18:50:29,866:DEBUG:certbot.crypto_util:Creating CSR: C:\Certbot\csr\0004_csr-certbot.pem
2020-06-25 18:50:29,867:DEBUG:acme.client:Requesting fresh nonce
2020-06-25 18:50:29,868:DEBUG:acme.client:Sending HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce.
2020-06-25 18:50:30,186:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “HEAD /acme/new-nonce HTTP/1.1” 200 0
2020-06-25 18:50:30,188:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 25 Jun 2020 13:20:28 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0101TepUuJ7xFMvzWFb66vdSefPNX-xDmEwkcIrlJQp58Uk
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2020-06-25 18:50:30,190:DEBUG:acme.client:Storing nonce: 0101TepUuJ7xFMvzWFb66vdSefPNX-xDmEwkcIrlJQp58Uk
2020-06-25 18:50:30,191:DEBUG:acme.client:JWS payload:
b’{\n “identifiers”: [\n {\n “type”: “dns”,\n “value”: “vidyasridhar.no-ip.org”\n }\n ]\n}’
2020-06-25 18:50:30,214:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/new-order:
{
“protected”: “eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvODk3MjEwNjgiLCAibm9uY2UiOiAiMDEwMVRlcFV1Sjd4Rk12eldGYjY2dmRTZWZQTlgteERtRXdrY0lybEpRcDU4VWsiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciJ9”,
“signature”: “FZUvfJ_9egw2mZLFAzOSMe4lci3uHcjkmolGT3nLMGN7PamRxe8KZfQyKDYdV8K1SCYPtRI-sG1kYaBlayAw5ksV7NNqr3FNVla1hupJhuZp4wJcTItZsIZLfyEptY6qurot6j-1U-PQAXBjlqqgL4gAemSZ5MdjzLLt–rkGxO9BZDfiYgHV9MR5YlYPFygjCHny0KrO6OXPSnYH9sfEzggr-KklU_GMBDSDrwHNzaGj-CGkfcM1auFUyIFWSk1lzg_Id6oHE_jzoiXFgoZ1tP5CQctIQRaRB7HLdKSUuPC_OJGUenhknh61NLrEh1f1nptwMXomKBZnxWFi-Wb9w”,
“payload”: “ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogInZpZHlhc3JpZGhhci5uby1pcC5vcmciCiAgICB9CiAgXQp9”
}
2020-06-25 18:50:30,689:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/new-order HTTP/1.1” 201 351
2020-06-25 18:50:30,692:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Thu, 25 Jun 2020 13:20:29 GMT
Content-Type: application/json
Content-Length: 351
Connection: keep-alive
Boulder-Requester: 89721068
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Location: https://acme-v02.api.letsencrypt.org/acme/order/89721068/3920628385
Replay-Nonce: 0101BfmvgaVQguYkb5SvAq-OYbQM_w-m-p6LuWcjaroJc3g
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
“status”: “pending”,
“expires”: “2020-07-02T13:20:28.99524342Z”,
“identifiers”: [
{
“type”: “dns”,
“value”: “vidyasridhar.no-ip.org”
}
],
“authorizations”: [
“https://acme-v02.api.letsencrypt.org/acme/authz-v3/5470231863”
],
“finalize”: “https://acme-v02.api.letsencrypt.org/acme/finalize/89721068/3920628385”
}
2020-06-25 18:50:30,694:DEBUG:acme.client:Storing nonce: 0101BfmvgaVQguYkb5SvAq-OYbQM_w-m-p6LuWcjaroJc3g
2020-06-25 18:50:30,695:DEBUG:acme.client:JWS payload:
b’’
2020-06-25 18:50:30,717:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/5470231863:
{
“protected”: “eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvODk3MjEwNjgiLCAibm9uY2UiOiAiMDEwMUJmbXZnYVZRZ3VZa2I1U3ZBcS1PWWJRTV93LW0tcDZMdVdjamFyb0pjM2ciLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzU0NzAyMzE4NjMifQ”,
“signature”: “CcM1F9Yr0Rjl4x_SmrxJCD0DKt7BkzvnofKp_6uMgDJtrf7Ug0P3dBeZMAtYUQraYObzBEZdQeO05seQ_9EGckNAZKsYkj84qjRxy-c98WseA_8wHoikuaSdvmda-KS1jROGZu9o1CCSbVRndkkEk7PPxHbhldkHA-f1OTq26ieowOvGmm5MtxkotJ88vlc4qBILugJ6vseR_8Si5ECk6gkgrmpuhkCC0cooNSxCH7SitY-xDoeW6GopT72GTtEWF68_ZvoLj4fFZbL2r-XCePgi8j9dTM7zrg7oErMkX_mgV8YyGqsHkDa-vLGZVjIsxNWHYQ9beJ10rLgwtZdzIw”,
“payload”: “”
}
2020-06-25 18:50:31,079:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/authz-v3/5470231863 HTTP/1.1” 200 800
2020-06-25 18:50:31,081:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 25 Jun 2020 13:20:29 GMT
Content-Type: application/json
Content-Length: 800
Connection: keep-alive
Boulder-Requester: 89721068
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0101psYeZwpZg3mVMBLvcZHpxYPcHJWNF4qsf1z-aRJ_M6s
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
“identifier”: {
“type”: “dns”,
“value”: “vidyasridhar.no-ip.org”
},
“status”: “pending”,
“expires”: “2020-07-02T13:20:28Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/5470231863/Rvh6DQ”,
“token”: “t9wiTObVmZymj1vETNlS65b2AshroD7krcs3IKcxVl0”
},
{
“type”: “dns-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/5470231863/PY0rOA”,
“token”: “t9wiTObVmZymj1vETNlS65b2AshroD7krcs3IKcxVl0”
},
{
“type”: “tls-alpn-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/5470231863/fd9ohA”,
“token”: “t9wiTObVmZymj1vETNlS65b2AshroD7krcs3IKcxVl0”
}
]
}
2020-06-25 18:50:31,083:DEBUG:acme.client:Storing nonce: 0101psYeZwpZg3mVMBLvcZHpxYPcHJWNF4qsf1z-aRJ_M6s
2020-06-25 18:50:31,086:INFO:certbot._internal.auth_handler:Performing the following challenges:
2020-06-25 18:50:31,086:INFO:certbot._internal.auth_handler:http-01 challenge for vidyasridhar.no-ip.org
2020-06-25 18:50:31,098:DEBUG:acme.standalone:Successfully bound to :80 using IPv6
2020-06-25 18:50:31,936:DEBUG:acme.standalone:Successfully bound to :80 using IPv4
2020-06-25 18:50:31,950:INFO:certbot._internal.auth_handler:Waiting for verification…
2020-06-25 18:50:31,952:DEBUG:acme.client:JWS payload:
b’{}’
2020-06-25 18:50:31,973:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/5470231863/Rvh6DQ:
{
“protected”: “eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvODk3MjEwNjgiLCAibm9uY2UiOiAiMDEwMXBzWWVad3BaZzNtVk1CTHZjWkhweFlQY0hKV05GNHFzZjF6LWFSSl9NNnMiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzU0NzAyMzE4NjMvUnZoNkRRIn0”,
“signature”: “W8tdPazAIgtmtUU7bg2r_0YxI4zB1-PdFckbkqD2AcWRx9K3uaGFWc-eQ7QegLSZd2behqJR8kWjJNuq8uSfNGPfhT_nmhY68oIkjQRA39wxamfeTCLQ1Stpc4y7y7EM0_SloXQpgElt3sPwKvBOWnnNr6RxWIpS690H7bB4v53hMvdvbkCIf-g9YNmKGQuKfwksbJI_25vqYfngSmZdrjv1HaWniHPpobp3dolGZ65VVyCIKdGfh1CFBnSD74bNJqVxrGPGIcjhGoYpQDSiP1zjo9WVa7WY5Y7pjUDYYPH-AXyqBFCKt7apsSuRiZKzTljwLWYlHtjM01onWKMatA”,
“payload”: “e30”
}
2020-06-25 18:50:32,346:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/chall-v3/5470231863/Rvh6DQ HTTP/1.1” 200 185
2020-06-25 18:50:32,349:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 25 Jun 2020 13:20:30 GMT
Content-Type: application/json
Content-Length: 185
Connection: keep-alive
Boulder-Requester: 89721068
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”, https://acme-v02.api.letsencrypt.org/acme/authz-v3/5470231863;rel=“up”
Location: https://acme-v02.api.letsencrypt.org/acme/chall-v3/5470231863/Rvh6DQ
Replay-Nonce: 0102xkVnggEQAgDO5i9bXZEULaOUsme6s-d3KaNAkkIWp2Y
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
“type”: “http-01”,
“status”: “pending”,
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/5470231863/Rvh6DQ”,
“token”: “t9wiTObVmZymj1vETNlS65b2AshroD7krcs3IKcxVl0”
}
2020-06-25 18:50:32,350:DEBUG:acme.client:Storing nonce: 0102xkVnggEQAgDO5i9bXZEULaOUsme6s-d3KaNAkkIWp2Y
2020-06-25 18:50:33,364:DEBUG:acme.client:JWS payload:
b’’
2020-06-25 18:50:33,385:DEBUG:acme.client:Sending POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/5470231863:
{
“protected”: “eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvODk3MjEwNjgiLCAibm9uY2UiOiAiMDEwMnhrVm5nZ0VRQWdETzVpOWJYWkVVTGFPVXNtZTZzLWQzS2FOQWtrSVdwMlkiLCAidXJsIjogImh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzU0NzAyMzE4NjMifQ”,
“signature”: “jgg_YlxQ9ggVeUknfrwh5mch1TG3nxtN7tDFYmjvR9aVSpwQF2YQQM2VQNDs4aLUgpU3yhMNeT1nY1zZNZoIGslD_6EkIqjZpTsR0CntoAwr8kAjgzKPGtqDQELvu5_r2Z0S_46nnld8TVhWIsbL58Rfh2hZDnuXqng3CCxBFNHFONUjVMyqzQCaHxUIr-c7qWyjthZw1XVDYzCTHzwLLJDOWe9cy-liMlVVynjgH3hxx9tAK_5o75rrdK5KEswPTolBkwHusxWj73ZApKzHRAS49qESqwMbLLyDzmYp3uldihr77dyGfepRrqHOrdQPKFjlZRaqnMC70Ng4meNAAQ”,
“payload”: “”
}
2020-06-25 18:50:33,739:DEBUG:urllib3.connectionpool:https://acme-v02.api.letsencrypt.org:443 “POST /acme/authz-v3/5470231863 HTTP/1.1” 200 1178
2020-06-25 18:50:33,741:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Thu, 25 Jun 2020 13:20:32 GMT
Content-Type: application/json
Content-Length: 1178
Connection: keep-alive
Boulder-Requester: 89721068
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0101ODaR-43uSEYG_zvaRtvGn2jP8ygJ5DRjNm6Sam3NYJ4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
“identifier”: {
“type”: “dns”,
“value”: “vidyasridhar.no-ip.org”
},
“status”: “invalid”,
“expires”: “2020-07-02T13:20:28Z”,
“challenges”: [
{
“type”: “http-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:ietf:params:acme:error:unauthorized”,
“detail”: “Invalid response from http://vidyasridhar.no-ip.org/.well-known/acme-challenge/t9wiTObVmZymj1vETNlS65b2AshroD7krcs3IKcxVl0 [210.18.181.30]: " \u003cHTML\u003e\n \u003cHEAD\u003e\u003cTITLE\u003e404 Not Found\u003c/T”",
“status”: 403
},
“url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/5470231863/Rvh6DQ”,
“token”: “t9wiTObVmZymj1vETNlS65b2AshroD7krcs3IKcxVl0”,
“validationRecord”: [
{
“url”: “http://vidyasridhar.no-ip.org/.well-known/acme-challenge/t9wiTObVmZymj1vETNlS65b2AshroD7krcs3IKcxVl0”,
“hostname”: “vidyasridhar.no-ip.org”,
“port”: “80”,
“addressesResolved”: [
“210.18.181.30”
],
“addressUsed”: “210.18.181.30”
}
]
}
]
}
2020-06-25 18:50:33,743:DEBUG:acme.client:Storing nonce: 0101ODaR-43uSEYG_zvaRtvGn2jP8ygJ5DRjNm6Sam3NYJ4
2020-06-25 18:50:33,744:WARNING:certbot._internal.auth_handler:Challenge failed for domain vidyasridhar.no-ip.org
2020-06-25 18:50:33,745:INFO:certbot._internal.auth_handler:http-01 challenge for vidyasridhar.no-ip.org
2020-06-25 18:50:33,747:DEBUG:certbot._internal.reporter:Reporting to user: The following errors were reported by the server:

Domain: vidyasridhar.no-ip.org
Type: unauthorized
Detail: Invalid response from http://vidyasridhar.no-ip.org/.well-known/acme-challenge/t9wiTObVmZymj1vETNlS65b2AshroD7krcs3IKcxVl0 [210.18.181.30]: " \n 404 Not Found</T"

To fix these errors, please make sure that your domain name was entered correctly and the DNS A/AAAA record(s) for that domain contain(s) the right IP address.
2020-06-25 18:50:33,749:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File “C:\Certbot\pkgs\certbot_internal\auth_handler.py”, line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File “C:\Certbot\pkgs\certbot_internal\auth_handler.py”, line 180, in _poll_authorizations
raise errors.AuthorizationError(‘Some challenges have failed.’)
certbot.errors.AuthorizationError: Some challenges have failed.

2020-06-25 18:50:33,751:DEBUG:certbot._internal.error_handler:Calling registered functions
2020-06-25 18:50:33,751:INFO:certbot._internal.auth_handler:Cleaning up challenges
2020-06-25 18:50:33,753:DEBUG:certbot._internal.plugins.standalone:Stopping server at :::80…
2020-06-25 18:50:33,754:DEBUG:certbot._internal.plugins.standalone:Stopping server at 0.0.0.0:80…
2020-06-25 18:50:34,469:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File “D:\obj\windows-release\37win32_Release\msi_python\zip_win32\runpy.py”, line 193, in _run_module_as_main
File “D:\obj\windows-release\37win32_Release\msi_python\zip_win32\runpy.py”, line 85, in run_code
File "C:\Certbot\bin\certbot.exe_main.py", line 33, in
sys.exit(main())
File “C:\Certbot\pkgs\certbot\main.py”, line 15, in main
return internal_main.main(cli_args)
File “C:\Certbot\pkgs\certbot_internal\main.py”, line 1347, in main
return config.func(config, plugins)
File “C:\Certbot\pkgs\certbot_internal\main.py”, line 1233, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File “C:\Certbot\pkgs\certbot_internal\main.py”, line 121, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File “C:\Certbot\pkgs\certbot_internal\client.py”, line 409, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File “C:\Certbot\pkgs\certbot_internal\client.py”, line 343, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File “C:\Certbot\pkgs\certbot_internal\client.py”, line 390, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, best_effort)
File “C:\Certbot\pkgs\certbot_internal\auth_handler.py”, line 91, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File “C:\Certbot\pkgs\certbot_internal\auth_handler.py”, line 180, in _poll_authorizations
raise errors.AuthorizationError(‘Some challenges have failed.’)
certbot.errors.AuthorizationError: Some challenges have failed.
2020-06-25 18:50:34,477:ERROR:certbot._internal.log:Some challenges have failed.

Log from win-acme:
2020-06-25 18:22:48.576 +05:30 [INF] Software version 2.1.8.838 (RELEASE, PLUGGABLE) started
2020-06-25 18:22:48.578 +05:30 [INF] ACME server “https://acme-v02.api.letsencrypt.org/”
2020-06-25 18:22:49.948 +05:30 [INF] IIS version 10.0
2020-06-25 18:22:49.953 +05:30 [INF] Running with administrator credentials
2020-06-25 18:22:50.002 +05:30 [INF] Scheduled task looks healthy
2020-06-25 18:22:50.004 +05:30 [INF] Please report issues at https://github.com/win-acme/win-acme
2020-06-25 18:25:29.570 +05:30 [INF] Arguments: --verbose
2020-06-25 18:25:29.609 +05:30 [DBG] Renewal period: 55 days
2020-06-25 18:25:29.616 +05:30 [VRB] Sending e-mails false
2020-06-25 18:25:29.626 +05:30 [INF] Software version 2.1.8.838 (RELEASE, PLUGGABLE) started
2020-06-25 18:25:29.627 +05:30 [INF] ACME server “https://acme-v02.api.letsencrypt.org/”
2020-06-25 18:25:29.639 +05:30 [VRB] SecurityProtocol setting: “SystemDefault”
2020-06-25 18:25:29.642 +05:30 [DBG] Send GET request to “https://acme-v02.api.letsencrypt.org/directory”
2020-06-25 18:25:31.017 +05:30 [VRB] Request completed with status “OK”
2020-06-25 18:25:31.023 +05:30 [DBG] Connection OK!
2020-06-25 18:25:31.029 +05:30 [INF] IIS version 10.0
2020-06-25 18:25:31.037 +05:30 [INF] Running with administrator credentials
2020-06-25 18:25:31.087 +05:30 [INF] Scheduled task looks healthy
2020-06-25 18:25:31.090 +05:30 [INF] Please report issues at https://github.com/win-acme/win-acme
2020-06-25 18:25:31.095 +05:30 [VRB] Test for international support: 語言 язык لغة
2020-06-25 18:25:35.210 +05:30 [INF] Running in mode: “Interactive, Advanced”
2020-06-25 18:25:35.243 +05:30 [VRB] Adding 8.8.8.8 as DNS server
2020-06-25 18:25:35.246 +05:30 [VRB] Adding 1.1.1.1 as DNS server
2020-06-25 18:25:35.248 +05:30 [VRB] Adding 8.8.4.4 as DNS server
2020-06-25 18:25:45.867 +05:30 [INF] Target generated using plugin Manual: vidyasridhar.no-ip.org
2020-06-25 18:26:24.158 +05:30 [WRN] Installation plugin IIS not available: No IIS websites available.
2020-06-25 18:26:26.151 +05:30 [VRB] Targeted convert into 1 order(s)
2020-06-25 18:26:26.151 +05:30 [VRB] Checking Vidya and Sridhar’s Personal Website
2020-06-25 18:26:26.154 +05:30 [VRB] Handle order 1/1: Main
2020-06-25 18:26:26.302 +05:30 [DBG] Refreshing order…
2020-06-25 18:26:26.306 +05:30 [VRB] Loading ACME account signer…
2020-06-25 18:26:26.307 +05:30 [DBG] Loading signer from C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Signer_v2
2020-06-25 18:26:26.337 +05:30 [VRB] Constructing ACME protocol client…
2020-06-25 18:26:26.344 +05:30 [DBG] Send GET request to “https://acme-v02.api.letsencrypt.org/directory”
2020-06-25 18:26:27.582 +05:30 [VRB] Request completed with status “OK”
2020-06-25 18:26:27.628 +05:30 [DBG] Send HEAD request to “https://acme-v02.api.letsencrypt.org/acme/new-nonce”
2020-06-25 18:26:27.937 +05:30 [VRB] Request completed with status “OK”
2020-06-25 18:26:27.948 +05:30 [DBG] Loading account information from C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Registration_v2
2020-06-25 18:26:28.011 +05:30 [DBG] Send POST request to “https://acme-v02.api.letsencrypt.org/acme/order/89729166/3920351821”
2020-06-25 18:26:28.360 +05:30 [VRB] Request completed with status “OK”
2020-06-25 18:26:28.365 +05:30 [DBG] Cached order has status pending, discarding
2020-06-25 18:26:28.372 +05:30 [VRB] Creating order for hosts: [“vidyasridhar.no-ip.org”]
2020-06-25 18:26:28.389 +05:30 [DBG] Send POST request to “https://acme-v02.api.letsencrypt.org/acme/new-order”
2020-06-25 18:26:28.801 +05:30 [VRB] Request completed with status “Created”
2020-06-25 18:26:28.804 +05:30 [VRB] Order https://acme-v02.api.letsencrypt.org/acme/order/89729166/3920408865 created
2020-06-25 18:26:28.820 +05:30 [VRB] Handle authorization 1/1
2020-06-25 18:26:28.828 +05:30 [DBG] Send POST request to “https://acme-v02.api.letsencrypt.org/acme/authz-v3/5469864082”
2020-06-25 18:26:29.174 +05:30 [VRB] Request completed with status “OK”
2020-06-25 18:26:29.221 +05:30 [INF] Authorize identifier vidyasridhar.no-ip.org
2020-06-25 18:26:29.222 +05:30 [VRB] Initial authorization status: pending
2020-06-25 18:26:29.224 +05:30 [VRB] Challenge types available: [“http-01”,“dns-01”,“tls-alpn-01”]
2020-06-25 18:26:29.224 +05:30 [VRB] Initial challenge status: pending
2020-06-25 18:26:29.229 +05:30 [INF] Authorizing vidyasridhar.no-ip.org using http-01 validation (FileSystem)
2020-06-25 18:26:29.239 +05:30 [VRB] Writing file to C:\Webpages.well-known\acme-challenge\WXU8ZXwSXH9fBcpWR-9fsFcIwnn55Jte-uwmao0u8c4
2020-06-25 18:26:29.241 +05:30 [INF] Answer should now be browsable at http://vidyasridhar.no-ip.org/.well-known/acme-challenge/WXU8ZXwSXH9fBcpWR-9fsFcIwnn55Jte-uwmao0u8c4
2020-06-25 18:26:29.242 +05:30 [DBG] Send GET request to “http://vidyasridhar.no-ip.org/.well-known/acme-challenge/WXU8ZXwSXH9fBcpWR-9fsFcIwnn55Jte-uwmao0u8c4”
2020-06-25 18:26:29.337 +05:30 [VRB] Request completed with status “OK”
2020-06-25 18:26:29.339 +05:30 [INF] Preliminary validation looks good, but the ACME server will be more thorough
2020-06-25 18:26:29.340 +05:30 [DBG] Submitting challenge answer
2020-06-25 18:26:29.346 +05:30 [DBG] Send POST request to “https://acme-v02.api.letsencrypt.org/acme/chall-v3/5469864082/HtSZJA”
2020-06-25 18:26:29.764 +05:30 [VRB] Request completed with status “OK”
2020-06-25 18:26:34.783 +05:30 [DBG] Refreshing authorization (1/15)
2020-06-25 18:26:34.789 +05:30 [DBG] Send POST request to “https://acme-v02.api.letsencrypt.org/acme/chall-v3/5469864082/HtSZJA”
2020-06-25 18:26:35.129 +05:30 [VRB] Request completed with status “OK”
2020-06-25 18:26:35.152 +05:30 [ERR] {
“type”: “urn:ietf:params:acme:error:unauthorized”,
“detail”: “Invalid response from http://vidyasridhar.no-ip.org/.well-known/acme-challenge/WXU8ZXwSXH9fBcpWR-9fsFcIwnn55Jte-uwmao0u8c4 [210.18.181.30]: " \n 404 Not Found</T”",
“status”: 403
}
2020-06-25 18:26:35.158 +05:30 [ERR] Authorization result: invalid
2020-06-25 18:26:35.159 +05:30 [VRB] Starting post-validation cleanup
2020-06-25 18:26:35.161 +05:30 [DBG] Deleting answer
2020-06-25 18:26:35.162 +05:30 [VRB] Deleting file C:\Webpages.well-known\acme-challenge\WXU8ZXwSXH9fBcpWR-9fsFcIwnn55Jte-uwmao0u8c4
2020-06-25 18:26:35.165 +05:30 [DBG] Additional files or folders exist in C:\Webpages.well-known\acme-challenge, not deleting.
2020-06-25 18:26:35.165 +05:30 [VRB] Post-validation cleanup was succesful
2020-06-25 18:35:28.961 +05:30 [ERR] Create certificate failed: {
“type”: “urn:ietf:params:acme:error:unauthorized”,
“detail”: “Invalid response from http://vidyasridhar.no-ip.org/.well-known/acme-challenge/WXU8ZXwSXH9fBcpWR-9fsFcIwnn55Jte-uwmao0u8c4 [210.18.181.30]: " \n 404 Not Found</T”",
“status”: 403
}
2020-06-25 18:35:31.125 +05:30 [VRB] Exiting with status code 0

403 usually means authentication required.
You need to exclude the authentication requests to /.well-known/acme-challenge/ folder from the required "login".

Sorry, but how do I do this? Could you please give an example?

Not sure if this will work on Apache for Windows…
But try:
apachectl -S

Otherwise, we will have to review the config “manually”.
Looking for where to make the change - to allow /.well-known/acme-challenge/ requests to bypass the login requirement.

This is the output of httpd -S (equivalent of apachectl -S on windows)

Thanks.

VirtualHost configuration:
*:80 is a NameVirtualHost
default server vidyasridhar.no-ip.org (C:/Apache24/conf/httpd.conf:713)
port 80 namevhost vidyasridhar.no-ip.org (C:/Apache24/conf/httpd.conf:713)
port 80 namevhost www.acefoodtech.com (C:/Apache24/conf/httpd.conf:774)
alias acefoodtech.com
*:443 is a NameVirtualHost
default server vidyasridhar.no-ip.org (C:/Apache24/conf/httpd.conf:744)
port 443 namevhost vidyasridhar.no-ip.org (C:/Apache24/conf/httpd.conf:744)
port 443 namevhost www.acefoodtech.com (C:/Apache24/conf/httpd.conf:783)
alias acefoodtech.com
ServerRoot: “C:/Apache24”
Main DocumentRoot: “C:/Webpages”
Main ErrorLog: “|C:/Apache24/bin/rotatelogs.exe -l C:/Apache24/logs/error.%Y.%m.%d.log 86400”
Mutex default: dir=“C:/Apache24/logs/” mechanism=default
Mutex authdigest-opaque: using_defaults
Mutex watchdog-callback: using_defaults
Mutex rewrite-map: using_defaults
Mutex ssl-stapling-refresh: using_defaults
Mutex authdigest-client: using_defaults
Mutex ssl-stapling: using_defaults
Mutex ssl-cache: using_defaults
PidFile: “C:/Apache24/logs/httpd.pid”
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
Define: SRVROOT=c:/Apache24

They are all within the same file, let’s have a look at:
C:/Apache24/conf/httpd.conf

403 means forbidden. 401 is unauthorized.

@sridharb Something in your apache configuration is disallowing public access to this – it has nothing to do with a log in in likelihood. It could be based on a lot of things; file permissions, disallowed based on user agent, IP, and this could be in htaccess or the actual apache configurations. You can turn the log level up in apache and it should tell you why, though apache often has a bad habit of just logging “client denied by server configuration”, as well.

(post withdrawn by author, will be automatically deleted in 24 hours unless flagged)

Is that working?

Try placing a test file in the expected challenge folder and see if it can be reached from the Internet.

Do these:
mkdir "C:/Webpages/.well-known."
mkdir "C:/Webpages/.well-known/acme-challenge"
echo "test" >> "C:/Webpages/.well-known/acme-challenge/test-file"

Then try:
http://vidyasridhar.no-ip.org/.well-known/acme-challenge/test-file

Sorry, that line was added recently after I continued searching for ways to resolve this.

I had created earlier a testfile with the content of 12345.

However, even before this rule, I was able to access this folder and instead of 12345, it would return a seemingly random string. This behavior continues even after including that line.

When I navigate to http://vidyasridhar.no-ip.org/.well-known/acme-challenge/testfile.txt, instead of 12345, I get uNPwUUIrgJ1FEEIIuoyTm8jk3urFuPYo9DwG2lm50AA.re2nb6lVcWLtlgOy_NqS8dtuPl8GySmz5CBrZ70G3Us as the response.

Please don’t name it with an extension.
NOT testfile.txt
USE test-file
[that is a closer simulation of the real challenge file]

Same result. Random string as result.

BTW, I get the exact same response that I did when I asked for testfile.txt.

I get 404 not found.
Are you testing that link from the Internet?

Did the file get created?
dir c:\Webpages\.well-known\acme-challenge\*

Sorry, I have been misled because I was trying that link from within my intranet where I was able to reach it. I tried it from outside and I have not been able to, like you.

The directory structure exists. That file exists. However, I still get a 404.

I see two “strange” things - one is that my http request is redirected to https (don’t know where that is happening) and the https request fails with a 503 service unavailable. I am talking about requesting just http://vidyasridhar.no-ip.org/

Is it the mod_md that is doing it? I thought I had #MDRequireHttps temporary line commented out.

You may need to clear out your browser cache.
I don’t get the redirection.

HTTP/1.1 200 OK
Server: Mini web server 1.0 ZTE corp 2005.
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval' data:
Cache-Control: no-cache,no-store
Content-Length: 39358
Set-Cookie: _TESTCOOKIESUPPORT=1; PATH=/; HttpOnly
X-Frame-Options:DENY

I’m not sure we are even connection to the right IP:

image961×616 87.9 KB

Thank you so much for helping.

This is my ISP modem. It is supposed to forward port 80, 443 and some other ports to servers inside. Those port forwarding rules are in place. I will check some port forward testing websites to see if something is wrong here.

I figured out what the problem was. The router had a web interface turned on by default and that was taking away the port 80 requests coming from outside. When requests were sent from inside, it never reached the router (I have another router behind this) and thus I was thinking that it was working fine.

Thank you for helping me reach a solution.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.