I ran this command:
le64 --key jfreyre-zerossl.key --csr abasy.csr --csr-key abasy.key --crt abasy.crt --domains "abasy.ccg.unam.mx" --path C:\Users\jfreyre\Dropbox (FreyreLab)\OtrosProyectos\Abasy\Websites\Abasy.well-known\acme-challenge --generate-missing --email jfreyre@ccg.unam.mx --renew 89 --issue-code 100
It produced this output:
2019/03/22 13:02:05 [ ZeroSSL Crypt::LE client v0.32 started. ]
2019/03/22 13:02:05 Loading an account key from C:\Users\jfreyre\Dropbox (FreyreLab)\OtrosProyectos\Abasy\Websites\SSL_files\jfreyre-zerossl.key
2019/03/22 13:02:05 Loading a CSR from C:\Users\jfreyre\Dropbox (FreyreLab)\OtrosProyectos\Abasy\Websites\SSL_files\abasy.csr
2019/03/22 13:02:05 Checking certificate for expiration (local file).
2019/03/22 13:02:05 Expiration threshold set at 89 days, the certificate expires in 88 days - will be renewing.
2019/03/22 13:02:07 Registering the account key
2019/03/22 13:02:08 The key is already registered. ID: 8666299
2019/03/22 13:02:08 Current contact details: jfreyre@ccg.unam.mx
2019/03/22 13:02:09 Successfully saved a challenge file ‘C:\Users\jfreyre\Dropbox (FreyreLab)\OtrosProyectos\Abasy\Websites\Abasy.well-known\acme-challenge/0aCShSw7bQULkuyUQ1GLuK736PGx5R5tYOXEADwA5EI’ for domain ‘abasy.ccg.unam.mx’
2019/03/22 13:02:12 Domain verification results for ‘abasy.ccg.unam.mx’: error. Invalid response from http://abasy.ccg.unam.mx/.well-known/acme-challenge/0aCShSw7bQULkuyUQ1GLuK736PGx5R5tYOXEADwA5EI [132.248.220.234]: "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Strict//EN”\r\n “http://www.w3.org/TR/xhtml1”
2019/03/22 13:02:12 You can now delete the ‘C:\Users\jfreyre\Dropbox (FreyreLab)\OtrosProyectos\Abasy\Websites\Abasy.well-known\acme-challenge/0aCShSw7bQULkuyUQ1GLuK736PGx5R5tYOXEADwA5EI’ file.
2019/03/22 13:02:12 All verifications failed
My web server is (include version): Apache/2.4.33 (Win32)
The operating system my web server runs on is (include version): Windows 7 Professional
My hosting provider, if applicable, is: NA
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): ZeroSSL Crypt::LE client v0.32
CN=abasy.ccg.unam.mx
21.03.2019
19.06.2019
expires in 89 days abasy.ccg.unam.mx - 1 entry
And it's CT-logged:
CRT-Id: 1305798909
Issuer: CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
not before: 2019-03-21 16:52:22
not after: 2019-06-19 15:52:22
Domain names: abasy.ccg.unam.mx
LE-Duplicate: no duplicate
Your port 80 is open, your port 443 uses that certificate.
I created the certificate as follows:
le64 --key jfreyre-zerossl.key --csr abasy.csr --csr-key abasy.key --crt abasy.crt --domains "abasy.ccg.unam.mx" --path %DROPBOXB%\OtrosProyectos\Abasy\Websites\Abasy.well-known\acme-challenge --generate-missing --unlink --email jfreyre@ccg.unam.mx --live
Yes, there is a bot protection that bans by user-agent, but the response is 403 (forbidden) not 404.
No, I’m not running the renewal from 132.248.220.234. I was running on 132.248.220.132. In fact, I created the certificate also running from 132.248.220.132, so I assumed the renewal could be run from that IP too.
To do HTTP validation, Let’s Encrypt’s validation servers connect to whatever IP addresses your hostname has in the DNS, not necessarily the machine it’s running on.
Sorry, I forgot to tell you that I’m using a distributed file system over a gigabit connection, so while the challenge file is created on a different machine than the host, it is propagated to the machine hosting the web server. I then suspect the problem is the delay. I will try the --delayed option. Thanks for all your support!
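An added illustration, not written by any poster in this thread and not part of the Crypt::LE client: a pre-flight check that polls the public challenge URL until the web server returns exactly the file written locally, and flags an HTML page (as in the log above) as a failure. The function names, `example.test` and the token and file content are hypothetical placeholders.

```python
import time
import urllib.error
import urllib.request

def http_fetch(url, timeout=5.0):
    """Return (status, body) for url; HTTP error pages are returned, not raised."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(4096)
    except urllib.error.HTTPError as err:
        return err.code, err.read(4096)
    except OSError:  # DNS failure, refused connection, timeout
        return None, b""

def classify(status, body, expected):
    """Compare what the public web server returned with the local challenge file."""
    if status is None:
        return "unreachable"
    if status == 200 and body.strip() == expected.strip():
        return "ok"
    if body.lstrip().startswith((b"<?xml", b"<!DOCTYPE", b"<html")):
        return "html-page"  # error page or catch-all instead of the challenge file
    return "mismatch"

def wait_for_challenge(host, token, expected, fetch=http_fetch,
                       attempts=10, interval=3.0, sleep=time.sleep):
    """Poll the public URL until it serves the file written locally.

    Returns (verdict, tries); ask the CA to validate only when verdict == "ok".
    """
    url = f"http://{host}/.well-known/acme-challenge/{token}"
    verdict = "unreachable"
    for tries in range(1, attempts + 1):
        verdict = classify(*fetch(url), expected)
        if verdict == "ok":
            return verdict, tries
        if tries < attempts:
            sleep(interval)  # give the shared file system time to propagate
    return verdict, attempts

if __name__ == "__main__":
    # Constructed sample values: host, token and file content are placeholders.
    print(wait_for_challenge("example.test", "TOKEN", b"TOKEN.THUMBPRINT",
                             attempts=1))
```

A check run from inside the same network can resolve the hostname differently from the validation servers, so an "ok" here confirms propagation to the web server, not external reachability.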