Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
It produced this output:
[INFO] Force renewing certificate for [Manual] sctch.co.il
[WARN] First chance error calling into ACME server, retrying with new nonce...
[INFO] Authorize identifier: sctch.co.il
[INFO] Cached authorization result: valid
[INFO] Authorize identifier: www.sctch.co.il
[INFO] Authorizing www.sctch.co.il using http-01 validation (FileSystem)
[INFO] Answer should now be browsable at http://www.sctch.co.il/.well-known/acme-challenge/UG-ajdVVR6hrDeu2cCt0vQ95YOdeum_mxY5jlXOqX40
[WARN] Preliminary validation failed, found (null) instead of UG-ajdVVR6hrDeu2cCt0vQ95YOdeum_mxY5jlXOqX40.DBfAjJBOeiMcz-ocDTx2iwCr3rAEO64lpMPir1lhtmk
[EROR] {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "The key authorization file from the server did not match this challenge "UG-ajdVVR6hrDeu2cCt0vQ95YOdeum_mxY5jlXOqX40.DBfAjJBOeiMcz-ocDTx2iwCr3rAEO64lpMPir1lhtmk" != "hello world"",
"status": 403
}
[EROR] Authorization result: invalid
[EROR] Renewal for [Manual] sctch.co.il failed, will retry on next run
My web server is (include version): apache
The operating system my web server runs on is (include version): Windows 10 & XAMPP
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
I am having trouble renewing the certificate. win-acme cannot renew through http://www.sctch.co.il
Is there any way of making win-acme renew through http://sctch.co.il instead of www.sctch.co.il?
The site cannot be reached through www.
Why does your webserver reply with "hello world" when asked for the challenge token? That's weird. It seems the only thing your webserver does is reply with "hello world". Let's Encrypt needs to see the actual content of the challenge file and not "hello world".
Thank you for your reply.
The server works if it is http or https, but not with www.
I don't know why.
I also have another website on the same server, https://scts.co.il, and it does work with www.scts.co.il too.
I see you have Cloudflare enabled. Could it be a Cloudflare thing?
In any case, the fact that your www site just returns hello world for every request is not a Let's Encrypt issue. It's the reason it's not working, but I have the feeling this is something you should fix, and we're not really the right Community to talk you through such a basic webserver configuration issue.
Hello again
I fixed the "hello world" problem via DNS.
But the renewal still fails, as follows:
[INFO] Force renewing certificate for [Manual] sctch.co.il
[WARN] First chance error calling into ACME server, retrying with new nonce...
[INFO] Authorize identifier: sctch.co.il
[INFO] Cached authorization result: valid
[INFO] Authorize identifier: www.sctch.co.il
[INFO] Authorizing www.sctch.co.il using http-01 validation (FileSystem)
[INFO] Answer should now be browsable at http://www.sctch.co.il/.well-known/acme-challenge/LSxQMDanymWYwFUjhNb1pccceZfL_su7XcnX-8FtM4A
[EROR] Preliminary validation failed
System.Net.WebException: The remote name could not be resolved: 'www.sctch.co.il'
at System.Net.HttpWebRequest.GetResponse()
at PKISharp.WACS.Plugins.ValidationPlugins.HttpValidation2.WarmupSite() at PKISharp.WACS.Plugins.ValidationPlugins.HttpValidation2.PrepareChallenge()
[EROR] {
"type": "urn:ietf:params:acme:error:dns",
"detail": "DNS problem: NXDOMAIN looking up A for www.sctch.co.il - check that a DNS record exists for this domain",
"status": 400
}
[EROR] Authorization result: invalid
[EROR] Renewal for [Manual] sctch.co.il failed, will retry on next run
I'm not seeing any issue with the DNS resolving of your www subdomain. The error is also not from Let's Encrypt itself it seems, but from WACS trying to do a preliminary "pre-test" of the hostname locally which is failing.
[INFO] Force renewing certificate for [Manual] sctch.co.il
[WARN] First chance error calling into ACME server, retrying with new nonce...
[INFO] Authorize identifier: sctch.co.il
[INFO] Cached authorization result: valid
[INFO] Authorize identifier: www.sctch.co.il
[INFO] Authorizing www.sctch.co.il using http-01 validation (FileSystem)
[INFO] Answer should now be browsable at http://www.sctch.co.il/.well-known/acme-challenge/igxSUlCFynRrUpJkcaWcY7vnfDc4HVWUj50awYqTqH4
[EROR] Preliminary validation failed
System.Net.WebException: The remote server returned an error: (404) Not Found.
at System.Net.HttpWebRequest.GetResponse()
at PKISharp.WACS.Plugins.ValidationPlugins.HttpValidation2.WarmupSite() at PKISharp.WACS.Plugins.ValidationPlugins.HttpValidation2.PrepareChallenge()
[EROR] {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "Invalid response from https://www.sctch.co.il/.well-known/acme-challenge/igxSUlCFynRrUpJkcaWcY7vnfDc4HVWUj50awYqTqH4 [192.115.85.211]: "\n\t\n\t<html class=\"html\" dir=\"rtl\" lang=\"he-IL\">\n\t\t\n\t\t\t<meta charset=\"UTF-8\">\n\t\t\t<link rel=\"profile\" href=\"ht"",
"status": 403
}
[EROR] Authorization result: invalid
[EROR] Renewal for [Manual] sctch.co.il failed, will retry on next run
You're using Apache on Windows, so you need to configure Apache to pass /.well-known/acme-challenge requests through to the filesystem instead of passing them to your website's content management system (PHP application etc.).
I don't remember the config but you can probably google it.
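One way to do what the last reply describes, as an added example that is not from the thread or from win-acme: an Apache 2.4 virtual host that serves challenge tokens as static files and keeps rewrite rules and the CMS away from that path. The `C:/xampp/...` and `C:/acme-webroot/...` paths are assumptions; the second must be the folder win-acme's FileSystem validation writes into.

```apache
# Added example. Paths are assumptions for an XAMPP install; adjust to your layout.
<VirtualHost *:80>
    ServerName sctch.co.il
    ServerAlias www.sctch.co.il
    DocumentRoot "C:/xampp/htdocs/site"

    RewriteEngine On
    # Must come before any other RewriteRule in this vhost: stop rewriting for
    # challenge requests so they are never handed to the CMS front controller.
    RewriteRule "^/\.well-known/acme-challenge/" - [L]

    # ... existing rewrite rules for the site stay below this line ...

    # Map the challenge URL to a plain folder outside the CMS tree, so the
    # site's own .htaccess files are never consulted for these requests.
    Alias "/.well-known/acme-challenge/" "C:/acme-webroot/.well-known/acme-challenge/"

    <Directory "C:/acme-webroot/.well-known/acme-challenge/">
        # Static files only: no indexes, no CGI, no .htaccess overrides.
        Options None
        AllowOverride None
        # No per-directory rewriting here either.
        RewriteEngine Off
        # Tokens have no file extension; serve them as plain text.
        ForceType text/plain
        Require all granted
    </Directory>
</VirtualHost>
```

After restarting Apache, a test file placed in that folder should be returned byte-for-byte over both http://sctch.co.il/ and http://www.sctch.co.il/; an HTML page or a 404 means the request is still being routed to the application or the files are being written somewhere else.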