Can't renew certificate nenewal

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: zervasandpepper.com

I ran this command: Trying renew from Plesk panel

It produced this output: The authorization token is not available at https://zervasandpepper.com/.well-known/acme-challenge/4_hQTW344WvQRjTYSEXjFhrWkFG2_6a3sfv7BW6U3Io.
The token file ‘C:\Inetpub\vhosts\emmagarland.com\zervasandpepper.com\.well-known\acme-challenge\4_hQTW344WvQRjTYSEXjFhrWkFG2_6a3sfv7BW6U3Io’ is either unreadable or does not have the read permission.
To resolve the issue, correct the permissions on the token file to make it is possible to download it via the above URL.
See the related Knowledge Base article for details.
Details
Invalid response from https://acme-v01.api.letsencrypt.org/acme/authz/4No_oTPkKxomP9khyg9Z3EKe5dEndWgW8lPOU8je_10.
Details:
Type: urn:acme:error:unauthorized
Status: 403
Detail: Invalid response from http://zervasandpepper.com/.well-known/acme-challenge/4_hQTW344WvQRjTYSEXjFhrWkFG2_6a3sfv7BW6U3Io: "

<html xmlns="http"

My web server is (include version): Windows server 2012 r2

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

For whatever reason, you’re not able to serve the challenge file. Are you sure your web server service account has read access to that directory?

Hello Jared

Yes, we have set modify level permission to website directory. Is there any other user to allow permission?

Do you use ASP.NET MVC or URL Rewriting?

Is there a web.config file in .well-known/acme-challenge or the root of your web directory that allows files without extensions to be served? (Like this example. Plesk should do this for you but it may have been accidentally deleted or something.)

Do you use ASP.NET MVC or URL Rewriting?
Ans: we are using umbraco application with URL rewriting.

web.config file is under root of web directory. I can see below line under web.config file.

Also, I have created test.txt file under below directory, but it is throwing an error that Parser Error Message: The configSource file ‘config\umbracoSettings.config’ is also used in a parent, this is not allowed.

https://zervasandpepper.com/.well-known/acme-challenge/test.txt

Is config\umbracoSettings.config referenced twice in C:\inetpub\vhosts\emmagarland.com\zp\web.config? Try commenting out the deeper "child" one.

Also, there are a lot more errors if you click on Show Additional Configuration Errors. It looks like a section may have been copy/pasted twice by accident.

I can see single entry of config\umbracoSettings.config in web.config file. Do you have any other option to fix this issue?

Your test page is accessible now. Maybe some scheduled task from your CMS ran amok?

Try renewing from the Plesk panel again now.

Yes, Lets encrypt certificate has been renewed now and issue has been fixed.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.