Deactivating pending authorization win-acme v2.2.7.1612

Good morning,
I would like to install a certificate on my Exchange server, but I have this problem.
Is it possible to help me, please?
THANKS!

1 Like

The "timeout" error means the Let's Encrypt server could not reach your domain to prove you control that name. This is likely a firewall or misconfigured comms.

It says SelfHosting so if that means a residential setting make sure to check your router and any NAT or port forwarding in it.

More information from the form you were shown would be helpful to us. It is hard to give specific advice without getting specific info. Thanks

===================================

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

3 Likes

Hi @kader2006, and welcome to the LE community forum 🙂

Email servers are generally only allowed access for SMTP related ports.
[that said, Windows email servers may use more ports]

After answering the questions posted by @MikeMcQ, ensure that the Internet can reach your email server via HTTP.

3 Likes

Exchange very often runs Outlook Web Access and other HTTP-based services on the same machine.

@kader2006 if you cannot enable TCP port 80 access you can also look at DNS validation instead, that way you don't need port 80 open.

6 Likes

My domain is: nouakader.com (GoDaddy)

I ran this command: wacs.exe --target manual --host mail.xxx.com,autodiscover.xxx.com --certificatestore My --acl-fullcontrol "network service,administrators" --installation iis,script --installationsiteid 1 --script "./Scripts/ImportExchange.ps1" --scriptparameters "'{CertThumbprint}' 'IIS,SMTP,IMAP' 1 '{CacheFile}' '{CachePassword}' '{CertFriendlyName}'"

It produced this output: Deactivating pending authorization

My web server is (include version): IIS

The operating system my web server runs on is (include version): Server 2022

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): I don't know (not tested)

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): no, using win-acme v2.2.7.1612

My port 80 is open, and I disabled Windows Firewall.
I have the same error.

For DNS validation instead, do I look at this on my local DNS server or on my DNS domain host?

Hi,
Thank you for your welcome.

1 Like

You said you are using wacs:

What is that version?
Did this ever work?
Have you tried any other client?
[note: I've used https://CertifyTheWeb.com/ on Windows systems without fail]

2 Likes

What is that version? last version
Did this ever work? no first installation
Have you tried any other client? no
[note: I've used https://CertifyTheWeb.com/ on Windows systems without fail] ok

Please provide an actual version number - "last" may mean different things to different people and can change from day to day.

3 Likes

For posterity, anyone searching this site could come across your topic and think "I'm also using the "latest version"... maybe this (solution) is relevant to my case.".
When, in fact, the problems are on two different versions, and your solution may do nothing for their problem.

3 Likes

win-acme v2.2.7.1612

If I check the headers of your domain nouakader.com (IP address 3.33.130.190), I'm seeing that a webserver which is calling itself "openresty" is answering. Are you sure your port 80 and 443 are mapped to IIS?

3 Likes

That, I think, is the default site provided by GoDaddy.
Yes, I have opened 443 and 80 in my router.

So if I understand you correctly that means requests for your website are ending up at GoDaddy and not at your server?

4 Likes

I opened port 443 on my router for my IIS server IP. Ah, on the other hand, port 80 does not want to open for the IIS address; it tells me port conflict.

Is the IP address 3.33.130.190 even the address of your server? (There was a reason why I mentioned it in my post earlier.)

And who is actually hosting your server? You've left that question unanswered. Those questions are there to help us help you. Leaving them completely blank is, in my opinion, disrespectful to the volunteers who are trying to help you.

3 Likes

Sorry, this IP is for GoDaddy, not for my server.
My server IP is 192.168.0.253 internally and the public address is (38.xxx.xxx.xxx) from my ISP.
Ping mail.nouakader.com and you will see my address.
Thank you for your help.

1 Like

If you want your website to actually work from the public internet, the IP address configured in the DNS needs to be the public IP address of the place where your webserver is actually running.

It seems you're running IIS on your home server and not at GoDaddy? So you'd need to change the IP address in the DNS zone from the GoDaddy IP to your (public) home IP.

This is actually basic networking and not really the scope of this Community.

1 Like
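
The DNS point made in the last reply, as an added example that is not part of the original thread: a Python pre-flight check that flags certificate names whose A record is missing, private, or pointing at a host other than the server. The example.com names and the 203.0.113.10 public address are constructed placeholders; 3.33.130.190 and 192.168.0.253 are the addresses quoted in the thread.

```python
import ipaddress
import socket

# RFC 1918 ranges: addresses a CA on the public internet can never reach.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def resolve_a(name):
    """Live lookup: IPv4 addresses the local resolver returns for name."""
    try:
        infos = socket.getaddrinfo(name, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def port_open(ip, port=80, timeout=5):
    """Live check: can a TCP connection be opened to ip:port?"""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def classify(addrs, server_public_ip):
    """Say whether an HTTP-01 request sent to addrs would land on the server."""
    if not addrs:
        return "FAIL: no A record"
    expected = ipaddress.ip_address(server_public_ip)
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        if any(ip in net for net in RFC1918):
            return f"FAIL: {addr} is a private address"
        if ip != expected:
            return f"FAIL: {addr} is another host, not {expected}"
    return "OK: DNS matches; port 80 must still be forwarded to the server"

def preflight(names, server_public_ip, resolver=resolve_a):
    """Classify every name that will be put on the certificate."""
    return {n: classify(resolver(n), server_public_ip) for n in names}

# Constructed sample answers (hypothetical example.com names).
SAMPLE_DNS = {
    "example.com": ["3.33.130.190"],               # address seen in the thread
    "mail.example.com": ["203.0.113.10"],          # placeholder public IP
    "autodiscover.example.com": ["192.168.0.253"], # internal address from the thread
    "owa.example.com": [],                         # name with no record
}

if __name__ == "__main__":
    report = preflight(SAMPLE_DNS, "203.0.113.10", resolver=lambda n: SAMPLE_DNS[n])
    for name, verdict in report.items():
        print(f"{name:28} {verdict}")
```

For a live check, call preflight() without the resolver argument from a machine outside the LAN, so that internal DNS does not mask what the CA sees, then confirm port_open() against the public address.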