[EROR] [sys.azoom.uk] Authorization result: pending

Does LE host their API servers on Cloudflare?

Regarding the error in the Certify logs, since you last tried to request a certificate you appear to have manually selected Use Staging Mode (test certificates) under Certificate > Advanced > Certificate Authority, but you haven't added a Staging Let's Encrypt account. To do that, go to Settings > Certificate Authorities and add another Let's Encrypt account (can be same email) but select Advanced > Use Staging (Test) Mode in the account editor.

Regarding Let's Encrypt API servers I believe they use Amazon Web Services in at least the US and Germany, across many different IP addresses.

Certify uses Cloudflare (and AWS) for some of its API stuff.

2 Likes

Yes and no. They use the Cloudflare CDN in front of them.

But note that the API servers you call and the verification servers that call you are different machines with different IPs, and Cloudflare only applies to the actual API acme-v02.api.letsencrypt.org.

3 Likes

Noted @9peppe...thanks for sharing

1 Like

Hi @webprofusion,

Will the files below cause any issues?

And, I did a DNS validation and updated the TXT record that it asked. But the status is 'PAUSED'? How can I resume it?

Re: the files in /well-known/acme-challenge, you can ignore them or delete them. They don't matter anyway as the built-in http challenge server should be doing http challenge response, not IIS (which is what those files are for).

Re: continuing manual dns validation - the rest of the instructions should say something like "click Request Certificate to resume". So Click on your managed certificate and click "Request Certificate" to resume.

2 Likes

It says like this at the end of the logs:

2022-04-01 06:30:41.279 +03:00 [INF] DNS: (Update DNS Manually) :: Please login to your DNS control panel for the domain 'sys.azoom.uk' and create a new TXT record named:
_acme-challenge.sys.azoom.uk
with the value:
YFtrl8nuPk9h0BBC4wwPkD1UcoMd446Jkgj5L5H4pKI
2022-04-01 06:30:41.279 +03:00 [INF] Requesting Validation: sys.azoom.uk
2022-04-01 06:30:41.280 +03:00 [INF] (Update DNS Manually) :: Please login to your DNS control panel for the domain 'sys.azoom.uk' and create a new TXT record named:
_acme-challenge.sys.azoom.uk
with the value:
Balalalabalalalala1UcoMd446JBalabalaKI

2022-04-01 06:30:41.699 +03:00 [INF]
2022-04-01 07:28:08.451 +03:00 [INF] ---- Beginning Request [sys.azoom.uk] ----
2022-04-01 07:28:08.451 +03:00 [INF] Certificate Request Skipped, Awaiting User Input: sys.azoom.uk
2022-04-01 07:28:08.452 +03:00 [INF]

So did you click "Request Certificate" again? That's how you resume the certificate order once you've updated your DNS.

By the way I've just checked your domain online and it doesn't seem to be setup properly (the nameservers appear to be wrong), so you should stop and fix that first otherwise you'll get nowhere.

2 Likes

Forget about what I said earlier, managed to 'resume'. It's just basically go back to manage certificates and request again. So, it completes the process and is marked completed.

Tried to look at the Certify article on DNS-ACME validation but it doesn't state where the PEM and CER/DER and the Root cert are.

Your validation method (using http-01 or dns-01 challenges to prove you control the domain) has nothing to do with the resulting certificate files.

By default Certify The Web produces a PFX file (which is also stored in the local machine certificate store). If you want pem etc files add the "Deploy to Generic Server" deployment task under Tasks (set the output file path parameters as required), then run the task (you don't need to request your certificate again, just save and run the task), this will convert the PFX into the component pem files etc and you can then use those files for other types of services.

The exact files you need will depend on which service you are trying to apply the certificate to (there are thousands of possible services each with their own method for configuring the certificates).

3 Likes

Regarding your DNS validation, using the manual DNS option is very much a temporary solution and you should move to one of the automated methods, otherwise you will need to manually repeat the DNS updates for every renewal.

General further questions regarding Certify The Web functionality can be directed to https://community.certifytheweb.com

4 Likes

Hi @webprofusion, even though DNS validation is the easiest, noted that it will be a hassle to have the task recurring in an endless cycle. Everybody tells me DONTTTT!!

I get it, for a temporary solution, it will be good. Just want to share with you that we did LE for a Linux machine and it's easy as a click. This is the 1st time deploying for MS Windows and we suddenly got a filtering issue that we need to look into and fix.

We anticipate that this post will be longgg, please bear with us fellas.

1 Like

If you want to go back to HTTP-01 authentication, you will need to remove the 403 forbidden restriction:

curl -Ii http://sys.azoom.uk/.well-known/acme-challenge/test.txt
HTTP/1.1 403 Forbidden
Connection: close
Content-Type: text/html
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self'
Content-Length: 3479

1 Like
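
A pre-flight check for the situation above, as an added example that is not part of the original post or of Certify The Web: it requests a file under `/.well-known/acme-challenge/` the way an HTTP-01 validator would and reports whether the server refuses it (the 403 case shown), cannot find it, or serves different content. The loopback site and the names `probe.txt`, `denied.txt` and `probe-value` are constructed for the demonstration.

```python
import http.server
import threading
import urllib.error
import urllib.request

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"
# Ignore any configured proxy so the probe talks to the server directly.
DIRECT = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def probe_http01(base_url, name, expected_body=None, timeout=5):
    """Request a file under the challenge path and classify the answer."""
    url = base_url.rstrip("/") + CHALLENGE_PREFIX + name
    try:
        with DIRECT.open(url, timeout=timeout) as resp:
            status = resp.status
            body = resp.read(4096).decode("utf-8", "replace").strip()
    except urllib.error.HTTPError as err:
        status, body = err.code, ""
    except OSError as err:  # DNS failure, refused connection, timeout
        return ("unreachable", str(err))
    if status in (401, 403):
        return ("blocked", status)        # the case shown in the thread
    if status == 404:
        return ("not-found", status)      # path allowed, file absent
    if status != 200:
        return ("unexpected-status", status)
    if expected_body is not None and body != expected_body:
        return ("wrong-content", status)  # something else answered
    return ("ok", status)

class ConstructedSite(http.server.BaseHTTPRequestHandler):
    """Constructed loopback site: serves probe.txt, refuses denied.txt."""
    def do_GET(self):
        name = self.path[len(CHALLENGE_PREFIX):] if self.path.startswith(CHALLENGE_PREFIX) else ""
        code, body = {"probe.txt": (200, b"probe-value"),
                      "denied.txt": (403, b"Forbidden")}.get(name, (404, b"Not Found"))
        self.send_response(code)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

def start_constructed_site():
    server = http.server.HTTPServer(("127.0.0.1", 0), ConstructedSite)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d" % server.server_address[1]
```

An "ok" from your own network only shows that the web server is willing to serve the path. As noted earlier in the thread, the validation requests come from different machines than the API, so a firewall or filter in front of the server can still refuse them.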

@rg305 yup, you're right. I was going through the permissions but haven't found yet why it is throwing 403. I'll get back to this, stay tuned!

1 Like
