Does LE host their API servers on Cloudflare?
Regarding the error in the Certify logs, since you last tried to request a certificate you appear to have manually selected "Use Staging Mode (test certificates)" under "Certificate > Advanced > Certificate Authority" but you haven't added a Staging Let's Encrypt account - to do that go to "Settings > Certificate Authorities" and add another Let's Encrypt account (can be same email) but select "Advanced > Use Staging (Test) Mode" in the account editor.
Regarding Let's Encrypt API servers I believe they use Amazon Web Services in at least the US and Germany, across many different IP addresses.
Certify uses Cloudflare (and AWS) for some of its API stuff.
Yes and no. They use the Cloudflare CDN in front of them.
But note that the API servers you call and the verification servers that call you are different machines with different IPs, and Cloudflare only applies to the actual API.
Noted @9peppe...thanks for sharing
Will the files below be an issue?
And, I did a DNS validation and updated the TXT record that it asked for. But the status is 'PAUSED'? How can I resume it?
Re: the files in /well-known/acme-challenge, you can ignore them or delete them. They don't matter anyway as the built-in http challenge server should be doing http challenge response, not IIS (which is what those files are for).
Re: continuing manual dns validation - the rest of the instructions should say something like "click Request Certificate to resume". So click on your managed certificate and click "Request Certificate" to resume.
it says like this at the end of the logs:
2022-04-01 06:30:41.279 +03:00 [INF] DNS: (Update DNS Manually) :: Please login to your DNS control panel for the domain 'sys.azoom.uk' and create a new TXT record named:
with the value:
2022-04-01 06:30:41.279 +03:00 [INF] Requesting Validation: sys.azoom.uk
2022-04-01 06:30:41.280 +03:00 [INF] (Update DNS Manually) :: Please login to your DNS control panel for the domain 'sys.azoom.uk' and create a new TXT record named:
with the value:
2022-04-01 06:30:41.699 +03:00 [INF]
2022-04-01 07:28:08.451 +03:00 [INF] ---- Beginning Request [sys.azoom.uk] ----
2022-04-01 07:28:08.451 +03:00 [INF] Certificate Request Skipped, Awaiting User Input: sys.azoom.uk
2022-04-01 07:28:08.452 +03:00 [INF]
So did you click "Request Certificate" again? That's how you resume the certificate order once you've updated your DNS.
By the way I've just checked your domain online and it doesn't seem to be set up properly (the nameservers appear to be wrong), so you should stop and fix that first otherwise you'll get nowhere.
Forget about what I said earlier, managed to 'resume'. It's just basically go back to manage certificates and request again. So, it completes the process and is marked completed.
Tried to look at the Certify article on DNS-ACME validation but it doesn't state where the PEM and CER/DER and the Root cert are.
Your validation method (using http-01 or dns-01 challenges to prove you control the domain) has nothing to do with the resulting certificate files.
By default Certify The Web produces a PFX file (which is also stored in the local machine certificate store). If you want pem etc files add the "Deploy to Generic Server" deployment task under Tasks (set the output file path parameters as required), then run the task (you don't need to request your certificate again, just save and run the task), this will convert the PFX into the component pem files etc and you can then use those files for other types of services.
The exact files you need will depend on which service you are trying to apply the certificate to (there are thousands of possible services each with their own method for configuring the certificates).
Regarding your DNS validation, using the manual DNS option is very much a temporary solution and you should move to one of the automated methods, otherwise you will need to manually repeat the DNS updates for every renewal.
General further questions regarding Certify The Web functionality can be directed to https://community.certifytheweb.com
Hi @webprofusion, even though DNS validation is the easiest, noted that it will be a hassle to have the task recurring in an endless cycle. Everybody tells me DONTTTT!!
I get it, for a temporary solution, it will be good. Just want to share with you that we did LE for a Linux machine and it's as easy as a click. This is the 1st time deploying for MS Windows and we suddenly got a filtering issue that we need to look into and fix.
We anticipate that this post will be longgg, please bear with us fellas.
If you want to go back to HTTP-01 authentication, you will need to remove the 403 forbidden restriction:
curl -Ii http://sys.azoom.uk/.well-known/acme-challenge/test.txt
HTTP/1.1 403 Forbidden
Connection: close
Content-Type: text/html
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self'
Content-Length: 3479
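The same pre-flight check as the curl command above, as an added example that is not part of the original thread or of Certify The Web: it requests a file under the HTTP-01 challenge path and classifies the answer, so a 403 from request filtering is told apart from a 404 or a wrong response body. The function names, the local demo server, and the token and body values are all constructed for illustration.

```python
import http.server
import threading
import urllib.error
import urllib.request

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"

def probe_challenge_path(base_url, token, expected_body=None, timeout=5):
    """GET the HTTP-01 challenge URL for `token` and classify the answer."""
    url = base_url.rstrip("/") + CHALLENGE_PREFIX + token
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # bypass proxies
    try:
        with opener.open(url, timeout=timeout) as resp:
            status = resp.status
            body = resp.read(4096).decode("utf-8", "replace").strip()
    except urllib.error.HTTPError as err:   # 4xx/5xx arrive as exceptions
        status, body = err.code, ""
    except OSError as err:                  # DNS failure, refused connection, timeout
        return {"url": url, "status": None, "verdict": "unreachable", "detail": str(err)}
    if status == 200:
        # 200 with the wrong body means some other handler answered for the path
        verdict = "ok" if expected_body in (None, body) else "wrong-content"
    else:
        # 401/403: a filtering or auth rule sits in front of the path; 404: nothing serves it
        verdict = {401: "blocked", 403: "blocked", 404: "not-served"}.get(status, "unexpected")
    return {"url": url, "status": status, "verdict": verdict}

def start_demo_server(blocked):
    """Constructed local stand-in for the web server; not a real site."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            served = self.path == CHALLENGE_PREFIX + "demo-token"
            code = 403 if blocked else (200 if served else 404)
            payload = b"demo-token.demo-thumbprint" if code == 200 else b""
            self.send_response(code)
            self.send_header("Content-Length", str(len(payload)))
            self.end_headers()
            self.wfile.write(payload)
        def log_message(self, *args):       # keep the demo quiet
            pass
    server = http.server.HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d" % server.server_port

if __name__ == "__main__":
    for blocked in (True, False):
        server, base = start_demo_server(blocked)
        print(probe_challenge_path(base, "demo-token", "demo-token.demo-thumbprint"))
        server.shutdown()
```

Against a real host, run the probe from outside the network on port 80, since the CA's validation servers connect from the internet rather than from your LAN.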
@rg305 yup, you're right. I was going through the permissions but haven't found yet why it is throwing 403. I'll get back to this, stay tuned!