Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: planningaccesstest.york.gov.uk
I ran this command: Manually create, validate to FS, .pem file, etc
It produced this output: 403 error during preliminary validation for well-known folder
My web server is (include version): Apache 2.4.39-1 with Wildfly 10
The operating system my web server runs on is (include version): Windows 2012r2
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): wacs 2.0.9.386
The specific issue is that wherever I place the .well-known\acme-challenge folder, wacs is not able to use it or see it.
Is there another client that would work better than Win-Acme? Do I need to use a different method to set the certificate up?
I know Wildfly is going to need it adding to its certificate store separately (that’s not an issue).
If you’ve got Apache httpd set up with mod_proxy (or similar) in front of Wildfly, then we can forget about Wildfly: it’s a non-factor for both validation and installation of the certificate. Apache covers all of that on its own.
Thanks for the reply, but this makes no difference.
The .well-known/acme-challenge folder throws a 403 error consistently, and gives a page not found when browsed to.
There are quite a few - ACME Client Implementations - Let's Encrypt
Please note that even though the section says Windows / IIS, that does not mean it is only for the clients specifically tailored for IIS. For example ZeroSSL (which is my client) can produce the certificate perfectly suitable for Apache, with an option to also export it into PFX (if IIS is actually used).
However, from your last post it does not seem that it is a problem with the client you are using, but with the setup of your server or the permissions on the file system. Perhaps checking Apache logs would help you to pinpoint the problem.
I copied your config into a blank Apache server and was able to create a file at C:/IDOX/Apache/Apache-2.4.39-1/htdocs/.well-known/acme-challenge/testfile and then visit it at http://planningaccesstest.york.gov.uk/.well-known/acme-challenge/testfile.
Does C:/IDOX/Apache/Apache-2.4.39-1/htdocs/.htaccess exist at all? It’s possible that something in there could be intercepting the request.
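The test-file check and the .htaccess question from the reply above can be run as one step. This is an added example, not part of the original thread or of win-acme; the function name `Test-AcmeChallengePath` and its parameters are hypothetical, while the webroot path and host name are the ones quoted in the thread.

```powershell
# Added example: function name and parameters are hypothetical.
function Test-AcmeChallengePath {
    param(
        [Parameter(Mandatory = $true)][string]$WebRoot,   # Apache DocumentRoot
        [Parameter(Mandatory = $true)][string]$HostName   # name being validated
    )
    $dir   = Join-Path $WebRoot '.well-known\acme-challenge'
    $token = 'selftest-' + [guid]::NewGuid().ToString('N')
    $file  = Join-Path $dir $token
    New-Item -ItemType Directory -Path $dir -Force | Out-Null
    # Challenge files have no extension, so the test file is written the same way.
    [System.IO.File]::WriteAllText($file, $token)

    $status = $null; $body = $null; $resp = $null
    try {
        $req = [System.Net.WebRequest]::Create("http://$HostName/.well-known/acme-challenge/$token")
        $req.AllowAutoRedirect = $false   # report a redirect instead of following it
        $req.Timeout = 10000
        try {
            $resp = $req.GetResponse()
        } catch {
            # 4xx/5xx answers surface as a WebException, possibly wrapped by PowerShell.
            $ex = $_.Exception
            while ($ex -and -not ($ex -is [System.Net.WebException])) { $ex = $ex.InnerException }
            if ($ex) { $resp = $ex.Response }
        }
        if ($resp) {
            $status = [int]$resp.StatusCode
            $reader = New-Object System.IO.StreamReader($resp.GetResponseStream())
            $body   = $reader.ReadToEnd()
            $reader.Dispose()
            $resp.Close()
        }
    } finally {
        Remove-Item -LiteralPath $file -Force   # always clean up the test file
    }

    # .htaccess files along the path can deny or rewrite the request.
    $htaccess = @($WebRoot, (Join-Path $WebRoot '.well-known'), $dir) |
        ForEach-Object { Join-Path $_ '.htaccess' } |
        Where-Object { Test-Path -LiteralPath $_ }

    [pscustomobject]@{
        Status       = $status              # $null means no HTTP response at all
        TokenServed  = ($body -eq $token)   # true only if Apache returned the file itself
        HtaccessSeen = @($htaccess)
    }
}

Test-AcmeChallengePath -WebRoot 'C:\IDOX\Apache\Apache-2.4.39-1\htdocs' -HostName 'planningaccesstest.york.gov.uk'
```

A 200 with `TokenServed` true means the path is reachable the way the validation needs it; any other status while the file is present on disk points at the server's configuration or file permissions rather than at the ACME client.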