Cert renewal Azure VM Windows 2016

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: demovm-1.eastus.cloudapp.azure.com/

I ran this command: used win-acme Renew all

It produced this output::
N: Create new certificate (simple for IIS)
M: Create new certificate (full options)
L: List scheduled renewals
R: Renew scheduled
S: Renew specific
A: Renew all
O: More options…
Q: Quit

Please choose from the menu: a

[INFO] Force renewing certificate for [IISBinding] demovm-1.eastus.cloudapp.azure.com
[WARN] First chance error calling into ACME server, retrying with new nonce…
[INFO] Authorize identifier: demovm-1.eastus.cloudapp.azure.com
[INFO] Authorizing demovm-1.eastus.cloudapp.azure.com using http-01 validation (SelfHosting)
[EROR] Authorization timed out
[EROR] Renewal for [IISBinding] demovm-1.eastus.cloudapp.azure.com failed, will retry on next run

My web server is (include version):IIS 10.0.14393.0

The operating system my web server runs on is (include version):Win 2016 Version 1607 (OS Build 14393.3564)

My hosting provider, if applicable, is: Azure - Wincodw 2016 VM w/ IIS

I can login to a root shell on my machine (yes or no, or I don’t know):Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

1 Like

Hi @lls55

your http port doesn’t answer - see https://check-your-website.server-daten.de/?q=demovm-1.eastus.cloudapp.azure.com

Domainname Http-Status redirect Sec. G
http://demovm-1.eastus.cloudapp.azure.com/ 40.117.239.176 -14 10.140 T
Timeout - The operation has timed out
https://demovm-1.eastus.cloudapp.azure.com/ 40.117.239.176 -14 10.037 T
Timeout - The operation has timed out
http://demovm-1.eastus.cloudapp.azure.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 40.117.239.176 -14 10.040 T
Timeout - The operation has timed out

Only timeouts. Your error message shows the same:

A working port 80 is required if you want to use http validation.

Read

May be a not running webserver, may be a blocking firewall.

2 Likes

Yes, you need to open port 80 and port 443, both on the machine firewall and in Azure networking for your cloud vm instance. This is to allow http validation on port 80 and to allow your https connection once you have https working.

Ultimately you need a working publicly visible website before you can use http validation, although you can alternatively use DNS validation.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.