Cannot get certificates

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is ecinternetimports.com

I ran this command: I am uysing Certify SSL on IIS

It produced this output:2019-01-09 07:44:05.831 -04:00 [INF] Validation of the required challenges did not complete successfully. Fetching http://ecinternetimports.com/.well-known/acme-challenge/QY94yUWp0ggapIrOYx4YeOPEvJUtE14wKBf7VTss_oY: Timeout after connect (your server may be slow or overloaded)

My web server is (include version): IIS

The operating system my web server runs on is (include version): Windows server 2019

My hosting provider, if applicable, is:Me

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):No

I bought this domain a few weeks ago and since then on linux and windows I cannot get a certificate. I was able to succesfully get a cert for breautech.com on linux and www2.breautech.com on my IIS machine but for some reason this domain does not want to get a certificate.

The error listed above is the one I am currently getting and sometimes I get a likely a firewall issue.

I tried manuall with the file and I can access the files in the acme-challenge folder from the web interface and see the characters.
I can see the app creating the files in the acme-challenge folder
Website is available external via http and https ports are open
Currently this is the only website on that web server ( I removed the rest for testing purpose)

on my dns side CheapDomain.com I have a A Record @ pointing to 174.113.27.176 and domain forwarding pointing to http://ecinternetimports.com

I tried doing a txt validation via DNS and it wont pickup the txt record like they dont exist (eventough I created them last night on my dns cpanel and do a txtlookup they dont show up).

any help or point me in the right direction would be appreciated.

thanks

Hi @breaup

that

looks like you have a wrong configuration.

If you have one server with one ip address, it doesn't work with two ip addresses.

And there are different answers (this is always bad) ( ecinternetimports.com - Make your website better - DNS, redirects, mixed content, certificates ):

The ip 184.168.131.241 answers with a http-redirect, https has a timeout. The other ip sends a 200 or a wrong certificate.

This "domain forwarding" looks wrong, remove it, so you have only the 174.113.27.176 ip.

Thanks for the reply I removed the forward earlier and just tried again and got this error now : 2019-01-09 11:27:31.387 -04:00 [INF] Validation of the required challenges did not complete successfully. Invalid response from http://ecinternetimports.com/.well-known/acme-challenge/md1VnJNQBlLrFvG3pLsYeGME_5d5OBFz3z5jRAMssT0: “\r\n<html xmlns=“http://www.w3.org/1999/xhtml”>\r\n<script type=“text/javascript”>window.NREUM||”

I opened a support ticket with my DNS Provider as for all the domains I have on my acount they all have that 2nd ip address as a A Record and I cannot modify it. So I just looking to see why, thanks for pointing this out.

Al tough my domain breautech.com does have the same configuration as this one and that one I was able to generate certificates for it. any idea ?

thanks again

Now it's better, but not good:

Your non-www has a direct loop, the page redirects to the same url. So it's a loop. The www redirects to the non-www and ends in the same loop.

So check these redirects, a loop is always terrible.

But I don't use Certify SSL, so it's possible that Certify has created these redirects.

The domain has the same problems. Two different ip addresses, different redirects.

https://breautech.com/
54.39.98.193

has a 200 (ok),

https://breautech.com/
184.168.131.241
Timeout - The operation has timed out

has a timeout. And a redirect

http://www.breautech.com/
184.168.131.241
	301
	https://BreauTech.com

lowercase -> uppercase is curious.

Thanks for pointing me in the right direction, I do have it figured out now. so removing the Forward reset my A Records and parked the domain which I did not notice right away till I tried it again later in a browser. I delete all the A REcord and re added the proper one, waited the TTL and tried again and it worked.

Thanks for the help much appreciated

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.