Auto Renewal Fails on Windows Hosting

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
www.airliftusa.com
I ran this command:
I didn't run any command, but auto-renewal of Let's Encrypt fails with HTTP Error 403.4 - Forbidden

The page you are trying to access is secured with Secure Sockets Layer (SSL).

It produced this output:
Type: urn:ietf:params:acme:error:unauthorized
Status: 403
Detail: Invalid response from http://airliftusa.com/.well-known/acme-challenge/GhKSSlRDa6A2Je4LsHMk71-X6acqjBcXmfD5vE6_R2E
My web server is (include version):
Windows Hosting on Plesk, IIS 8.5
The operating system my web server runs on is (include version):
Windows Server
My hosting provider, if applicable, is:
ADSIN Media
I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Plesk
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): No

1 Like

Welcome to the Let's Encrypt Community, Suresh :slightly_smiling_face:

I ran a variety of tests on your domain and I'm not encountering the error that you are. Please try again and let us know if this problem continues. It is possible that something in your server configuration is not allowing the correct content of the authentication file to be retrieved. Please show us the full output of the error and we will know more.

1 Like

This is the email I received from Let's Encrypt because of auto-renewal. What I also did was create a new one and manually add the DNS TXT entry suggested by the Let's Encrypt box in Plesk. The propagation will take 24-48 hrs as per the domain. The issue could be that the domain for this is externally hosted on Network Solutions. I am not an expert on this matter; however, I think Let's Encrypt is trying to add a DNS TXT entry to the domain but it is not able to do so because it doesn't have rights to do so. Thanks, Griffin, for looking into this matter.

Could not secure domains of airliftusa.com (login airliftusa.com) with Let`s Encrypt certificates. Please log in to Plesk and secure the domains listed below manually.
Securing of the following domains has failed:

The following domains have been secured without some of their Subject Alternative Names:

Could not renew Lets Encrypt certificates for [airliftusa.com](http://airliftusa.com) (login [airliftusa.com](http://airliftusa.com)). Please log in to Plesk and renew the certificates listed below manually. Renewal of the following Lets Encrypt certificates has failed:

Invalid response from https://acme-v02.api.letsencrypt.org/acme/authz-v3/8360625834.
Details:
Type: urn:ietf:params:acme:error:unauthorized
Status: 403
Detail: Invalid response from http://airliftusa.com/.well-known/acme-challenge/F9Jkg71CAfnApbqeA4Py8vh0CwJTu2FTe3UKU2-fdFk [208.91.199.24]: " \n<html xmlns="http"

The following Let`s Encrypt certificates have been renewed without some of their Subject Alternative Names:

1 Like

You can consider this case closed. The manual entry worked. The certificate has been renewed.

Thanks Griffin.

2 Likes