Cached order has status invalid discarding acme error "status": 403

A simple Windows ACMEv2 client (WACS)
Software version (release, trimmed, standalone, 64-bit)
Connecting to
Scheduled task not configured yet
Please report issues at GitHub - win-acme/win-acme: A simple ACME client for Windows (for use with Let's Encrypt et al.)

N: Create certificate (default settings)
M: Create certificate (full options)
R: Run renewals (0 currently due)
A: Manage renewals (0 total)
O: More options...
Q: Quit

Please choose from the menu: n

Running in mode: Interactive, Simple

Please select which website(s) should be scanned for host names. You may
input one or more site identifiers (comma-separated) to filter by those
sites, or alternatively leave the input empty to scan all websites.

1907548219: SharePoint - 80 (1 binding)

Site identifier(s) or to choose all:

1: (Site 1907548219)

Listed above are the bindings found on the selected site(s). By default all
of them will be included, but you may either pick specific ones by typing the
host names or identifiers (comma-separated) or filter them using one of the
options from the menu.

P: Pick bindings based on a search pattern
A: Pick all bindings

Binding identifiers(s) or menu option: a

1: (Site 1907548219)

Continue with this selection? (y*/n) - yes

Source generated using plugin IIS:

Cached order has status invalid, discarding
[] Authorizing...
[] Authorizing using http-01 validation (SelfHosting)
[] Authorization result: invalid
[] {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from - This website is for sale! - khadamaty Resources and Information. []: "\r\n403 Forbidden\r\n\r\n

403 Forbidden

"status": 403

Create certificate failed, retry? (y/n*)

Hi @Yacine and welcome to the LE community forum :slight_smile:

What is the Internet IP of the server where you are running the ACME client?

I ask because I see two different IPs, and neither is running IIS:

curl -Ii
HTTP/1.1 302 Found
Date: Wed, 15 Dec 2021 09:45:43 GMT
Server: Apache/2.4.25 (Debian)
Set-Cookie: __tad=1639561543.1567765; expires=Sat, 13-Dec-2031 09:45:43 GMT; Max-Age=315360000
Connection: close
Content-Type: text/html; charset=UTF-8
curl -Ii
HTTP/1.1 403 Forbidden
Date: Wed, 15 Dec 2021 09:47:32 GMT
Content-Type: text/html
Content-Length: 150
Vary: Accept-Encoding
Server: NginX



Thanks for reply
I use only one IP adresse

A nginx webserver is responding on that IP address, not IIS.


Thanks for reply

What's the solution now please

I don't know, because I don't know your setup. Why are you running WACS on an IIS system while there is a nginx webserver responding? Is it a different server entirely? Or is nginx running as a reverse proxy on the same server? I just don't know.


Let me explain evrythings

I would get ssl certificate for my web server using sharepoint 2013 that use IIS

Please help me

I see:


but no IIS.

You need a working HTTP site before you can secure it (via HTTP authentication).


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.