Cannot Renew after some renewal failures


#1

My domain is: test.ezrewardstt.com

I ran this command: I used the “Request Certificate” function in the “Certify the Web” application (https://certifytheweb.com/)

It produced this output:
Validation of the required challenges did not complete successfully. Domain validation failed: test.ezrewardstt.com

My web server is (include version): IIS7

The operating system my web server runs on is (include version): Windows Server 2008

My hosting provider, if applicable, is: It’s VM running on VMware, small hosting company

I can login to a root shell on my machine (yes or no, or I don’t know): I don’t know but I think so

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No


So I successfully used LetsEncrypt via the Certify app to get a number of certificates for predominantly test versions of a number of sites. Certify has a feature in it which is Auto Renew, which creates a Windows Task that runs regularly and automatically attempts to renew the certificate.

For this particular site, test.ezrewardstt.com, there was an error with how I configured certify and I think the Auto renew was not running with the correct permissions on the server. So the Auto renew kept on failing, I think because Certify couldn’t access the /.well-known/acme-challenge/ folder.

Anyway, I’ve fixed this issue, and I’m still using LetsEncrypt/Certify for other sites, even on this same server, but I can’t get the certificate for test.ezrewardstt.com to request successfully, it just keeps getting a “Validation of the required challenges did not complete successfully.” error.

I can see that the during the Request Certificate function the Certify process is creating a file within the /.well-known/acme-challenge/ folder, and I can see actually browse to that particular file via the domain e.g. http://test.ezrewardstt.com/.well-known/acme-challenge/HfaT1gfJzCmAM6Ie6mIb3nGz-NorZSXNUfA-7RbHm2I

Here is a dump of some log messages from Certify (I know you probably don’t have anything to do with Certify), but hope this helps:
2018-06-15 16:49:52.660 +10:00 [INF] Performing Config Tests
2018-06-15 16:50:13.675 +10:00 [INF] Beginning Certificate Request Process: ezrewardstt.com
2018-06-15 16:50:13.676 +10:00 [INF] Registering Domain Identifiers
2018-06-15 16:50:13.676 +10:00 [INF] Attempting Domain Validation: test.ezrewardstt.com
2018-06-15 16:50:13.676 +10:00 [INF] Registering and Validating test.ezrewardstt.com
2018-06-15 16:50:17.408 +10:00 [INF] Performing Challenge Response via IIS: test.ezrewardstt.com
2018-06-15 16:50:38.422 +10:00 [INF] Requesting Validation from Let’s Encrypt: test.ezrewardstt.com
2018-06-15 16:50:50.613 +10:00 [INF] Domain validation failed: test.ezrewardstt.com
2018-06-15 16:50:50.631 +10:00 [INF] Validation of the required challenges did not complete successfully. Domain validation failed: test.ezrewardstt.com
2018-06-15 16:50:50.632 +10:00 [INF] Validation of the required challenges did not complete successfully. Domain validation failed: test.ezrewardstt.com

Any suggestions or ideas on things to check would be appreciated!


#2

Hi, @nelson.cheng

Are you using one IP per domain? Or all domains on your server should have the same domain? Because test.ezrewardstt.com and ezrewardstt.com are on different domains…

Update: also, the IP for test domain is not accessible from internet. Maybe you are using internal forwarding or forget to open firewall for this IP? (The ezrewardstt.com is working however)

Thank you


#3

Hi Steven,

Sorry for the late reply, I missed the email notification of this response somehow.
That was the issue, the firewall was changed, but now we’ve organised the IP opened up again and it worked.

Thanks so much!
Nelson


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.