It produced this output: Authorizing Identifier grsoftware.mooo.info Using Challenge Type http-01
Writing challenge answer to D:\ASEC Core Site.well-known/acme-challenge/N3XYaHdMip8OfvGhg_CWPI12V35-StdlAio5FhcZ6Xc
Writing web.config to add extensionless mime type to D:\ASEC Core Site.well-known\acme-challenge\web.config
Answer should now be browsable at http://grsoftware.mooo.info/.well-known/acme-challenge/N3XYaHdMip8OfvGhg_CWPI12V35-StdlAio5FhcZ6Xc
Submitting answer
Refreshing authorization
Authorization Result: invalid
Authorization Failed invalid
Check in a browser to see if the answer file is being served correctly.
Authorize failed: This could be caused by IIS not being setup to handle extensionless static files.Here’s how to fix that: 1.In IIS manager goto Site/ Server->Handler Mappings->View Ordered List
2.Move the StaticFile mapping above the ExtensionlessUrlHandler mappings. (like this http://i.stack.imgur.com/nkvrL.png)
3.If you need to make changes to your web.config file, update the one at D:\TempSSL\web_config.xml
My web server is (include version): IIS (Windows 10? Can’t find the version number)
The operating system my web server runs on is (include version): Windows 10
My hosting provider, if applicable, is: Site hosted at home
I can login to a root shell on my machine (yes or no, or I don’t know): Kind of… does DOS count?
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No. IIS and .NET Core configuration
It isn’t being served correctly—that file is blank. (Literally blank as in 0 bytes.) Would you be able to make another test file within /.well-known/acme-challenge to see if it gets served by the server?
I first thought this too but have seen where it's just the display here that doesn't show it.
like: x:\simple.test (which contains two slashes but displays only one)
That particular error does make it harder to check when you’ve succeeded in posting files there, yet it wouldn’t stop validation from the certificate authority for succeeding because the certificate authority validator ignores that error.
Do you have a machine where you could check with curl instead? It’s possible to make curl ignore this error, for example.
I don’t understand how using a tool that ignores the error is going to help solve the problem.
Tell you what - I’ll go somewhere else where I have to pay through the nose for an https service, just because Amazon won’t allow me to connect without one.
Go democracy.
This is because the Let's Encrypt CA also does not enforce certificate checks when connecting to your machine to validate this challenge. A significant reason for this is to allow renewal of certificates that have already expired when the http:// version of the site generates an unconditional permanent redirect to the https:// version, because the CA follows redirects in this case.
Therefore, curl -k would let you see the challenge behavior in a way that looks like what the certificate authority sees, while a browser doesn't, because the browser enforces certificate checks. If you run with curl -k, you can see what the CA is seeing in this case, which may then help debug why it rejects the challenge validation.
I faced the same problem few days back .I was stuck in “Authorization Result : INVALID” several time .
os : windows server 2012 R2
letsencrypt client : “letsencrypt-win-simple”
Just went to the github releases of “letsencrypt-win-simple” . Downloaded new release . It fixed my problem . Everything is working fine now . You need to check Your letsencrypt client version .
