It seems like that part is now in place:
Name: mail.nouakader.com
Address: 38.108.88.134
I am not sure what you are asking either but if you are trying to get a cert for mail.nouakader.com using an HTTP Challenge there may be a problem with your IIS configuration.
You are redirecting the ACME HTTP Challenge to a URI which is part of a login page. You are supposed to return the challenge value placed by your ACME Client (wacs in this case). The below test site gets a 404 Not Found as is expected for the test case. But, that URL you redirect to looks like it would not work for an actual challenge.
See the detailed output at the top of this result page:
If this is a new setup have you considered Certify the Web for your ACME client? It might be easier to setup.
There is something still OFF with this system:
curl -Ii mail.nouakader.com
HTTP/1.1 302 Moved Temporarily
Connection: close
Content-Length: 0
Date: Fri, 23 Feb 2024 22:04:31 GMT
Expires: 0
Cache-Control: no-cache
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: PRTG <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Location: https://mail.nouakader.com/?
And it's way too sensitive:
[it blocked my IP almost immediately]
curl -Ii mail.nouakader.com/.well-known/acme-challenge/Test_File-1234
curl: (56) Recv failure: Connection reset by peer
Once it settled down, and allowed my requests again... I see what @MikeMcQ saw.
That it isn't redirecting the HTTP ACME challenge requests to HTTPS [which would work - given: IIS is listening on 443].
curl -Iik https://mail.nouakader.com/.well-known/acme-challenge/Test_File-1234
HTTP/2 404
content-length: 0
server: Microsoft-IIS/10.0 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
date: Fri, 23 Feb 2024 22:12:33 GMT
Instead: It redirects to a login page:
curl -Ii mail.nouakader.com/.well-known/acme-challenge/Test_File-1234
HTTP/1.1 302 Moved Temporarily
Connection: close
Content-Length: 0
Date: Fri, 23 Feb 2024 22:09:36 GMT
Expires: 0
Cache-Control: no-cache
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: PRTG <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Location: /public/login.htm?loginurl=%2F.well-known%2Facme-challenge%2FTest_File-1234&errorid=0
[still PRTG]
The log
2024-02-22 22:59:55.080 -05:00 [WRN] Cached order has status invalid, discarding
2024-02-22 22:59:55.084 -05:00 [DBG] Deleted C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Orders\2e2ae6250046517f9243d98d7f4bf703b60d8123.order.json
2024-02-22 22:59:55.094 -05:00 [VRB] Creating order for identifiers: ["mail.nouakader.com","autodiscover.nouakader.com"] (notAfter: null)
2024-02-22 22:59:55.144 -05:00 [DBG] [HTTP] Send POST to "https://acme-v02.api.letsencrypt.org/acme/new-order"
2024-02-22 22:59:55.144 -05:00 [VRB] [HTTP] Request content: {"protected":"eyJhbGciOiJFUzI1NiIsInVybCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciIsIm5vbmNlIjoiOC00Y0U0SFJvWWVQNGZiTUZLbVdNR3JLTXZ1RzR5NDk0T2dUb0lLTTVyZDBxN093ZERZIiwia2lkIjoiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNTgyNTg5ODc3In0","payload":"eyJpZGVudGlmaWVycyI6W3sidHlwZSI6ImRucyIsInZhbHVlIjoibWFpbC5ub3Vha2FkZXIuY29tIn0seyJ0eXBlIjoiZG5zIiwidmFsdWUiOiJhdXRvZGlzY292ZXIubm91YWthZGVyLmNvbSJ9XX0","signature":"7yMdldzbFd_5sNYOEgVhBkZ1sOi4ishgo5QqarLtdvjrqWjPC9xnV2b7MJMfxHU43JHMgwvuvvNpKI9tTjZKeg"}
2024-02-22 22:59:55.403 -05:00 [VRB] [HTTP] Request completed with status "Created"
2024-02-22 22:59:55.404 -05:00 [VRB] [HTTP] Response content: {
"status": "pending",
"expires": "2024-03-01T03:59:50Z",
"identifiers": [
{
"type": "dns",
"value": "autodiscover.nouakader.com"
},
{
"type": "dns",
"value": "mail.nouakader.com"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/318431524207",
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/318431524217"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1582589877/246732032237"
}
2024-02-22 22:59:55.415 -05:00 [VRB] Order https://acme-v02.api.letsencrypt.org/acme/order/1582589877/246732032237 created
2024-02-22 22:59:55.441 -05:00 [DBG] [HTTP] Send POST to "https://acme-v02.api.letsencrypt.org/acme/authz-v3/318431524207"
2024-02-22 22:59:55.441 -05:00 [VRB] [HTTP] Request content: {"protected":"eyJhbGciOiJFUzI1NiIsInVybCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMxODQzMTUyNDIwNyIsIm5vbmNlIjoiOC00Y0U0SFJnWjlzMTRNWWFucmNGcGdSR1pLTXpzVnNYWjJjT0tUZXdpR2tjbEhMaTFnIiwia2lkIjoiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNTgyNTg5ODc3In0","payload":"","signature":"P0PIgye4hu8rEoNELhPdF6wNcJAG22HbRAWVkOaGAmlRPS2oCMv4Rr8MAXd3nhbdORKSwhfa1e92uYX7orY_kw"}
2024-02-22 22:59:55.508 -05:00 [VRB] [HTTP] Request completed with status "OK"
2024-02-22 22:59:55.508 -05:00 [VRB] [HTTP] Response content: {
"identifier": {
"type": "dns",
"value": "autodiscover.nouakader.com"
},
"status": "pending",
"expires": "2024-03-01T03:59:50Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/318431524207/5BjyCg",
"token": "80z6s9_DSBx0czSQyzGcP3NRy3zW0L0CwOmIHbfodUo"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/318431524207/2JcCxw",
"token": "80z6s9_DSBx0czSQyzGcP3NRy3zW0L0CwOmIHbfodUo"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/318431524207/7ZmMXQ",
"token": "80z6s9_DSBx0czSQyzGcP3NRy3zW0L0CwOmIHbfodUo"
}
]
}
2024-02-22 22:59:55.519 -05:00 [DBG] [HTTP] Send POST to "https://acme-v02.api.letsencrypt.org/acme/authz-v3/318431524217"
2024-02-22 22:59:55.519 -05:00 [VRB] [HTTP] Request content: {"protected":"eyJhbGciOiJFUzI1NiIsInVybCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMxODQzMTUyNDIxNyIsIm5vbmNlIjoiOC00Y0U0SFJBSzlCdk02R1pkb2NtVWpUek5sZDRoRThjSDhRNTdmcVI2R2tiLWJnSDhZIiwia2lkIjoiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNTgyNTg5ODc3In0","payload":"","signature":"hDNJxa7LhPOd4ggdOVOOhanKzzPgVLUu3yL4qMFnU-rpPYdVvDOuJ_uWpBUnlDWltDoiD1dU2uHfdyBWcyeOug"}
2024-02-22 22:59:55.593 -05:00 [VRB] [HTTP] Request completed with status "OK"
2024-02-22 22:59:55.593 -05:00 [VRB] [HTTP] Response content: {
"identifier": {
"type": "dns",
"value": "mail.nouakader.com"
},
"status": "pending",
"expires": "2024-03-01T03:59:50Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/318431524217/Vb1EUA",
"token": "LUYrbWEDDyL57kpaKuytPm9JCby9ELJckbWtCI7suGU"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/318431524217/Kj8HDQ",
"token": "LUYrbWEDDyL57kpaKuytPm9JCby9ELJckbWtCI7suGU"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/318431524217/1kKazg",
"token": "LUYrbWEDDyL57kpaKuytPm9JCby9ELJckbWtCI7suGU"
}
]
}
2024-02-22 22:59:55.606 -05:00 [VRB] Autofac: creating Target scope with parent PluginBackend
2024-02-22 22:59:55.606 -05:00 [VRB] Autofac: creating PluginFrontend scope with parent target
2024-02-22 22:59:55.612 -05:00 [VRB] W3SVC detected and running
2024-02-22 22:59:55.612 -05:00 [VRB] No FTPSVC detected
2024-02-22 22:59:55.641 -05:00 [VRB] Autofac: creating Target scope with parent PluginBackend
2024-02-22 22:59:55.641 -05:00 [VRB] Autofac: creating PluginFrontend scope with parent target
2024-02-22 22:59:55.643 -05:00 [VRB] W3SVC detected and running
2024-02-22 22:59:55.643 -05:00 [VRB] No FTPSVC detected
2024-02-22 22:59:55.664 -05:00 [VRB] Autofac: creating PluginBackend scope with parent PluginBackend
2024-02-22 22:59:55.668 -05:00 [VRB] Handle authorization 1/2
2024-02-22 22:59:55.668 -05:00 [VRB] Autofac: creating PluginBackend scope with parent PluginBackend
2024-02-22 22:59:55.674 -05:00 [INF] [autodiscover.nouakader.com] Authorizing...
2024-02-22 22:59:55.674 -05:00 [VRB] [autodiscover.nouakader.com] Initial authorization status: pending
2024-02-22 22:59:55.674 -05:00 [VRB] [autodiscover.nouakader.com] Challenge types available: ["http-01","dns-01","tls-alpn-01"]
2024-02-22 22:59:55.674 -05:00 [VRB] [autodiscover.nouakader.com] Initial challenge status: pending
2024-02-22 22:59:55.677 -05:00 [INF] [autodiscover.nouakader.com] Authorizing using http-01 validation (SelfHosting)
2024-02-22 22:59:55.687 -05:00 [VRB] Starting commit stage
2024-02-22 22:59:55.702 -05:00 [VRB] Commit was succesful
2024-02-22 22:59:55.704 -05:00 [DBG] [autodiscover.nouakader.com] Submitting challenge answer
2024-02-22 22:59:55.710 -05:00 [DBG] [HTTP] Send POST to "https://acme-v02.api.letsencrypt.org/acme/chall-v3/318431524207/5BjyCg"
2024-02-22 22:59:55.711 -05:00 [VRB] [HTTP] Request content: {"protected":"eyJhbGciOiJFUzI1NiIsInVybCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzMxODQzMTUyNDIwNy81Qmp5Q2ciLCJub25jZSI6IjgtNGNFNEhSRlZLYW52bHNvRFRnMEFTcWdlV1Z6ZUltQ1RHVC15cmptQVJ5MWNDOVNDNCIsImtpZCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTU4MjU4OTg3NyJ9","payload":"e30","signature":"nSuH_5XaIxZNwuxguG2Cwh3AdxnpF5svpoP1Rx8dbhazFVUeGxnQyA-RJAtfwu414isGP9CbuRVIsGDGDXGs1g"}
2024-02-22 22:59:55.775 -05:00 [VRB] [HTTP] Request completed with status "OK"
2024-02-22 22:59:55.775 -05:00 [VRB] [HTTP] Response content: {
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/318431524207/5BjyCg",
"token": "80z6s9_DSBx0czSQyzGcP3NRy3zW0L0CwOmIHbfodUo"
}
2024-02-22 23:00:20.785 -05:00 [DBG] Refreshing authorization (1/35)
2024-02-22 23:00:20.793 -05:00 [DBG] [HTTP] Send POST to "https://acme-v02.api.letsencrypt.org/acme/chall-v3/318431524207/5BjyCg"
2024-02-22 23:00:20.793 -05:00 [VRB] [HTTP] Request content: {"protected":"eyJhbGciOiJFUzI1NiIsInVybCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzMxODQzMTUyNDIwNy81Qmp5Q2ciLCJub25jZSI6IjgtNGNFNEhSVmhWQndobHYxS1pDbUVPd0xmdWVyc0NXQzIyTEhHSl9vLWM5Z3pJYkxEOCIsImtpZCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTU4MjU4OTg3NyJ9","payload":"","signature":"19rSrZg8-41gzj5REEMtC4_q7HVRxxIZETeSvf8WrVFwUImKPDdXKGqt0eKJdVEgofBHmkFobvSSgdosaE3Ldw"}
2024-02-22 23:00:20.870 -05:00 [VRB] [HTTP] Request completed with status "OK"
2024-02-22 23:00:20.871 -05:00 [VRB] [HTTP] Response content: {
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:connection",
"detail": "38.108.xx.xxx: Fetching http://autodiscover.nouakader.com/.well-known/acme-challenge/80z6s9_DSBx0czSQyzGcP3NRy3zW0L0CwOmIHbfodUo: Timeout during connect (likely firewall problem)",
"status": 400
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/318431524207/5BjyCg",
"token": "80z6s9_DSBx0czSQyzGcP3NRy3zW0L0CwOmIHbfodUo",
"validationRecord": [
{
"url": "http://autodiscover.nouakader.com/.well-known/acme-challenge/80z6s9_DSBx0czSQyzGcP3NRy3zW0L0CwOmIHbfodUo",
"hostname": "autodiscover.nouakader.com",
"port": "80",
"addressesResolved": [
"38.108.xx.xxx"
],
"addressUsed": "38.108.xx.xxx",
"resolverAddrs": [
"A:10.1.12.85:25056",
"AAAA:10.1.12.85:25056"
]
}
],
"validated": "2024-02-23T03:59:50Z"
}
2024-02-22 23:00:20.876 -05:00 [ERR] [autodiscover.nouakader.com] Authorization result: invalid
2024-02-22 23:00:20.885 -05:00 [ERR] [autodiscover.nouakader.com] {"type":"urn:ietf:params:acme:error:connection","detail":"38.108.xx.xxx: Fetching http://autodiscover.nouakader.com/.well-known/acme-challenge/80z6s9_DSBx0czSQyzGcP3NRy3zW0L0CwOmIHbfodUo: Timeout during connect (likely firewall problem)","status":400,"instance":null}
2024-02-22 23:00:20.890 -05:00 [VRB] Starting post-validation cleanup
2024-02-22 23:00:20.894 -05:00 [VRB] Post-validation cleanup was succesful
2024-02-22 23:00:20.899 -05:00 [INF] [autodiscover.nouakader.com] Deactivating pending authorization
2024-02-22 23:00:20.907 -05:00 [DBG] [HTTP] Send POST to "https://acme-v02.api.letsencrypt.org/acme/authz-v3/318431524207"
2024-02-22 23:00:20.907 -05:00 [VRB] [HTTP] Request content: {"protected":"eyJhbGciOiJFUzI1NiIsInVybCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMxODQzMTUyNDIwNyIsIm5vbmNlIjoiM2lpWU40dTR2eDJYbkZac21jTTZ3ajZDak1mZUZRcWh1TTVrbm5MMUpmWE5FUjV4TXk0Iiwia2lkIjoiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNTgyNTg5ODc3In0","payload":"eyJzdGF0dXMiOiJkZWFjdGl2YXRlZCJ9","signature":"7TdMwGEBIZCBZIszRZf5h8YQ9cnY5p2Qb05jpOgEyWiA_1JVyElHGcBp82_u_zwUeS_ftP7xpN2tOeiXKLb9iA"}
2024-02-22 23:00:20.911 -05:00 [INF] [mail.nouakader.com] Deactivating pending authorization
2024-02-22 23:00:21.094 -05:00 [VRB] [HTTP] Request completed with status "OK"
2024-02-22 23:00:21.095 -05:00 [VRB] [HTTP] Response content: {
"identifier": {
"type": "dns",
"value": "autodiscover.nouakader.com"
},
"status": "deactivated",
"expires": "2024-03-01T03:59:50Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:connection",
"detail": "38.108.xx.xxx: Fetching http://autodiscover.nouakader.com/.well-known/acme-challenge/80z6s9_DSBx0czSQyzGcP3NRy3zW0L0CwOmIHbfodUo: Timeout during connect (likely firewall problem)",
"status": 400
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/318431524207/5BjyCg",
"token": "80z6s9_DSBx0czSQyzGcP3NRy3zW0L0CwOmIHbfodUo",
"validationRecord": [
{
"url": "http://autodiscover.nouakader.com/.well-known/acme-challenge/80z6s9_DSBx0czSQyzGcP3NRy3zW0L0CwOmIHbfodUo",
"hostname": "autodiscover.nouakader.com",
"port": "80",
"addressesResolved": [
"38.108.xx.xxx"
],
"addressUsed": "38.108.xx.xxx",
"resolverAddrs": [
"A:10.1.12.85:25056",
"AAAA:10.1.12.85:25056"
]
}
],
"validated": "2024-02-23T03:59:50Z"
}
]
}
2024-02-22 23:00:21.101 -05:00 [DBG] [HTTP] Send POST to "https://acme-v02.api.letsencrypt.org/acme/authz-v3/318431524217"
2024-02-22 23:00:21.101 -05:00 [VRB] [HTTP] Request content: {"protected":"eyJhbGciOiJFUzI1NiIsInVybCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMxODQzMTUyNDIxNyIsIm5vbmNlIjoiOC00Y0U0SFJVZnFqWklXaXhRODdrQ0lidXhCZXlSR0RkV0Z6azJYZ0VsM1U2QkZWSVYwIiwia2lkIjoiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNTgyNTg5ODc3In0","payload":"eyJzdGF0dXMiOiJkZWFjdGl2YXRlZCJ9","signature":"olF9kCuXOHZSYhoAgk0zFKjafVEObllfm64v8E2rxHwlGxyLmnNvKOzzualTyNaFBP9I9Y6p2V2u30N195swaQ"}
2024-02-22 23:00:21.222 -05:00 [VRB] [HTTP] Request completed with status "OK"
2024-02-22 23:00:21.223 -05:00 [VRB] [HTTP] Response content: {
"identifier": {
"type": "dns",
"value": "mail.nouakader.com"
},
"status": "deactivated",
"expires": "2024-03-01T03:59:50Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/318431524217/Vb1EUA",
"token": "LUYrbWEDDyL57kpaKuytPm9JCby9ELJckbWtCI7suGU"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/318431524217/Kj8HDQ",
"token": "LUYrbWEDDyL57kpaKuytPm9JCby9ELJckbWtCI7suGU"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/318431524217/1kKazg",
"token": "LUYrbWEDDyL57kpaKuytPm9JCby9ELJckbWtCI7suGU"
}
]
}
2024-02-22 23:00:21.235 -05:00 [VRB] Order 1/1 (Main): error Validation failed
2024-02-22 23:00:21.238 -05:00 [VRB] Processing order 1/1: Main
2024-02-22 23:00:21.244 -05:00 [ERR] Create certificate failed
2024-02-22 23:00:21.245 -05:00 [VRB] Exiting with status code -1
Thank you, i test this.
Is there a server running PRTG?
Do you control the edge router?
If so, then to which IP are all the HTTP requests being sent?
Does that IP match the IP of the HTTPS requests?
Yes in ip 192.168.0.253
