Certbot failed to authenticate some domains (authenticator: webroot)

review the IIS web logs - yes

2 Likes

It's using HTTP/1 and the path is C:\inetpub\wwwroot

And that is failing - we know that.
What we don't know is WHY and WHERE it fails.
It could be CF...
It could be IIS...
It could be something else...

2 Likes

The quickest way to test whether the ACME challenge is being affected by the Cloudflare proxy is to pause Cloudflare.

My testing discovered that you are blocking certain user agents via Cloudflare.

When using curl -Iiv http://www.abidefurniture.net/ the response was HTTP/1.1 403 Forbidden

Visiting from a web browser loaded the site, so I figured it was worth trying curl with the user agent from my web browser.

Using curl -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36" -Iiv http://www.abidefurniture.net/ returns an HTTP/1.1 301 Moved Permanently to Location: https://www.abidefurniture.net/

You need to get that worked out before you can move along to whatever else may be configured in a manner.

... is sounding like a really good idea.

4 Likes


No IIS site selected

Although @webprofusion does frequent this forum, you might want to ask for help with that directly on their forum: Certify The Web - Support Community

3 Likes

That dropdown is there to auto populate your domains from an existing IIS site, you don't have to choose anything if you have manually entered the domain. We have pretty extensive documentation at https://docs.certifytheweb.com/

However, from your description it sounds like you don't want to use Certify anyway and you want to move to containers (presumably linux based), so you should do that.

3 Likes

Even when I tried my personal domain, I got the same error on the Docker container.

root@1f0b26dc5917:~/certs-data/.well-known# certbot certonly --webroot -w /root/certs-data/ -d wisdomforu.org
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): sairamgopi@gmail.com


Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
agree in order to register with the ACME server. Do you agree?


(Y)es/(N)o: yes


Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.


(Y)es/(N)o: yes
Account registered.
Requesting a certificate for wisdomforu.org

Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: wisdomforu.org
Type: unauthorized
Detail: 63.250.43.15: Invalid response from http://wisdomforu.org/.well-known/acme-challenge/rUsG6UV10-rtYeUFKuS6pms-Hkg_PVWKqPq_e2YR0LI: 404

Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.

Some challenges have failed.
Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/log/letsencrypt/letsencrypt.log or re-run Certbot with -v for more details.
root@1f0b26dc5917:~/certs-data/.well-known#
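The two failure modes discussed in this thread, a 403 from the Cloudflare-fronted site unless the request carries a browser User-Agent, and a 404 for the challenge file from the container, can be told apart before running certbot at all. The script below is an added example, not code from the thread, from Certbot or from Certify The Web: it drops a throwaway token into the webroot, fetches it over plain HTTP the way a validation server would, and classifies the answer. The User-Agent string attributed to Let's Encrypt is an assumption about its form; the three local servers in `demo()` are constructed stand-ins (one serving the right directory, one serving the wrong one, one rejecting non-browser User-Agents) so the example runs offline.

```python
"""Pre-flight check for an HTTP-01 webroot challenge path (added example)."""
import functools
import http.server
import os
import secrets
import tempfile
import threading
import urllib.error
import urllib.request

# Assumption: Let's Encrypt's validation requests identify themselves with a
# User-Agent of roughly this form; the ACME protocol does not fix the string.
VALIDATION_UA = ("Mozilla/5.0 (compatible; Let's Encrypt validation server; "
                 "+https://www.letsencrypt.org)")
# The browser User-Agent that got a 301 instead of a 403 in the thread.
BROWSER_UA = ("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) "
              "Chrome/118.0.0.0 Safari/537.36")


def write_token(webroot):
    """Create <webroot>/.well-known/acme-challenge/<token> with a random body, as certbot does."""
    token, body = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
    challenge_dir = os.path.join(webroot, ".well-known", "acme-challenge")
    os.makedirs(challenge_dir, exist_ok=True)
    with open(os.path.join(challenge_dir, token), "w") as fh:
        fh.write(body)
    return token, body


def fetch(url, user_agent=VALIDATION_UA, timeout=10):
    """GET url, following redirects as a CA would; return (status, body)."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def check_webroot(host, webroot, user_agent=VALIDATION_UA):
    """Return a verdict describing how http://<host>/.well-known/acme-challenge/<token> answered."""
    token, expected = write_token(webroot)
    url = f"http://{host}/.well-known/acme-challenge/{token}"
    try:
        status, body = fetch(url, user_agent)
    finally:
        os.remove(os.path.join(webroot, ".well-known", "acme-challenge", token))
    if status == 200 and body.strip() == expected:
        return "ok"
    if status == 403:
        return "blocked: 403 before the webroot was reached (proxy, WAF or User-Agent filter)"
    if status == 404:
        return "not served: 404, the server answering for this host does not serve the -w path"
    if status == 200:
        return "wrong server: 200 but the body differs, another host answered"
    return f"unexpected: HTTP {status}"


class QuietHandler(http.server.SimpleHTTPRequestHandler):
    def log_message(self, *args):  # keep demo output clean
        pass


class UAFilteringHandler(QuietHandler):
    """Constructed stand-in for the proxy behaviour seen in the thread:
    anything that does not look like a browser gets 403 before any file lookup."""
    def do_GET(self):
        if "Chrome" not in self.headers.get("User-Agent", ""):
            self.send_error(403)
            return
        super().do_GET()


def serve(webroot, handler_cls=QuietHandler):
    """Start a local HTTP server for webroot on an ephemeral port; return (server, port)."""
    handler = functools.partial(handler_cls, directory=webroot)
    httpd = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    return httpd, httpd.server_address[1]


def demo():
    """Run the check against three constructed local servers; return the four verdicts."""
    webroot = tempfile.mkdtemp()
    good, p_good = serve(webroot)                              # serves the -w path
    wrong, p_wrong = serve(tempfile.mkdtemp())                 # serves a different directory
    proxy, p_proxy = serve(webroot, UAFilteringHandler)        # right files, UA filter in front
    try:
        return (
            check_webroot(f"127.0.0.1:{p_good}", webroot),
            check_webroot(f"127.0.0.1:{p_wrong}", webroot),
            check_webroot(f"127.0.0.1:{p_proxy}", webroot),
            check_webroot(f"127.0.0.1:{p_proxy}", webroot, user_agent=BROWSER_UA),
        )
    finally:
        for srv in (good, wrong, proxy):
            srv.shutdown()
            srv.server_close()


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Against a real host you would call `check_webroot("wisdomforu.org", "/root/certs-data")` on the machine that holds the webroot; a "not served" verdict means the web server reached through DNS is not the one serving that directory, which is exactly the situation the 404 above describes, while "blocked" points at whatever sits in front of the origin.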

That is strange.
Those are two different IPs using two different web servers.

I'm confused :confused:
How are they similar?
Do they use similar firewalls/IPS/protection?
Do they have some sort of proxy in their path?

2 Likes

I have purchased the domain at namecheap.com and used it for testing purposes. I have full control to change the settings, and I don't have access to the customer's GoDaddy domain. I even got the same error while using my own domain.

I don't understand why they are both failing.
The only obvious common factor is you.
But you now say you don't have access to the customer domain.
So, that can't be the reason.

So... what other common factors exist that we haven't checked?
What steps have been taken that are similar on each of those systems?
What software is running that is similar in each of those systems?

2 Likes

Below is my Dockerfile:

# Use an official Certbot image as the base image
FROM certbot/certbot:latest

# Set environment variables for your Certbot configuration

ENV CERTBOT_EMAIL=sairamgopi@gmail.com
ENV CERTBOT_DOMAINS=wisdomforu.org

# Update the package list and install any required dependencies
RUN apk --no-cache add nginx

# Expose port 80/443 for the HTTP-01 challenge
EXPOSE 80 443

# Create a directory to store Certbot configuration
RUN mkdir -p /etc/letsencrypt

# Copy a custom Certbot renewal configuration file (if needed).
# Trailing slash: certbot expects /etc/letsencrypt/renewal to be a directory,
# not a file named "renewal".
COPY certbot_renewal.conf /etc/letsencrypt/renewal/

# The certbot/certbot base image sets ENTRYPOINT ["certbot"], so the CMD below
# would otherwise be passed to certbot as arguments; clear it first.
ENTRYPOINT []

# Start Nginx for the HTTP-01 challenge (you can use a different web server if preferred)
CMD ["nginx", "-g", "daemon off;"]

That implies nginx is not running otherwise.
But I see nginx responding now.
hmm...
So, does that mean there are multiple nginx in that system?

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.