Error certificate validation


#1

Hello, I need help in order to complete my certificate request.

My domain is: rdp.is-lotto.com

I ran this command: Request certificate in Certify The Web app

It produced this output:

2018-11-30 16:36:39.013 +01:00 [INF] Preparing challenge response for Let’s Encrypt server to check at: http://rdp.is-lotto.com/.well-known/acme-challenge/vRCh5zzFcUcoHsvoHn3yH-Xq70yUmQBmdHjRPEVtZgI
2018-11-30 16:36:39.013 +01:00 [INF] If the challenge response file is not accessible at this exact URL the validation will fail and a certificate will not be issued.
2018-11-30 16:36:39.028 +01:00 [INF] Using website path C:\inetpub\wwwroot
2018-11-30 16:36:39.029 +01:00 [INF] Checking URL is accessible: http://rdp.is-lotto.com/.well-known/acme-challenge/vRCh5zzFcUcoHsvoHn3yH-Xq70yUmQBmdHjRPEVtZgI [proxyAPI: True, timeout: 5000ms]
2018-11-30 16:36:45.124 +01:00 [INF] (proxy api) URL is not accessible. Result: [404] Resource not accessible, Timeout or Redirected
2018-11-30 16:36:45.125 +01:00 [INF] Checking URL is accessible: http://rdp.is-lotto.com/.well-known/acme-challenge/vRCh5zzFcUcoHsvoHn3yH-Xq70yUmQBmdHjRPEVtZgI [proxyAPI: False, timeout: 5000ms]
2018-11-30 16:36:45.324 +01:00 [INF] (local check) URL is accessible. Check passed. HTTP OK
2018-11-30 16:36:45.324 +01:00 [INF] Requesting Validation from Let’s Encrypt: rdp.is-lotto.com
2018-11-30 16:36:45.324 +01:00 [INF] Attempting Challenge Response Validation for Domain: rdp.is-lotto.com
2018-11-30 16:36:45.324 +01:00 [INF] Registering and Validating rdp.is-lotto.com
2018-11-30 16:36:45.324 +01:00 [INF] Checking automated challenge response for Domain: rdp.is-lotto.com
2018-11-30 16:36:58.122 +01:00 [INF] Fetching http://rdp.is-lotto.com/.well-known/acme-challenge/vRCh5zzFcUcoHsvoHn3yH-Xq70yUmQBmdHjRPEVtZgI: Timeout during connect (likely firewall problem)
2018-11-30 16:37:00.666 +01:00 [INF] Validation of the required challenges did not complete successfully. Fetching http://rdp.is-lotto.com/.well-known/acme-challenge/vRCh5zzFcUcoHsvoHn3yH-Xq70yUmQBmdHjRPEVtZgI: Timeout during connect (likely firewall problem)

My web server is (include version): IIS 10

The operating system my web server runs on is (include version): WINDOWS SERVER 2016 build 1607

My hosting provider, if applicable, is: It’s a virtual machine hosted in Microsoft Azure

I can login to a root shell on my machine (yes or no, or I don’t know): I don’t know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

I use Certify SSL/TLS Certificate Management (Community edition)
The firewall is disabled.
I selected Default Web Site as Certificate Domains option, Challenge Type http-01 as Authorization option, and Deployment Mode Single site as Deployment option.

I hope that you can help me to create my new certificate.
Thank you


#2

Hi @jonathan.savic

Let’s Encrypt sees a timeout, and my online tool ( https://check-your-website.server-daten.de/?q=rdp.is-lotto.com ) sees a timeout too:


| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://rdp.is-lotto.com/ 13.94.196.237 | -14 | | 10.026 | T |
| Timeout - The operation has timed out | | | | |
| https://rdp.is-lotto.com/ 13.94.196.237 | -14 | | 10.027 | T |
| Timeout - The operation has timed out | | | | |
| http://rdp.is-lotto.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 13.94.196.237 | -14 | | 10.027 | T |
| Timeout - The operation has timed out | | | | |

So Let’s Encrypt can’t fetch the validation file under /.well-known/acme-challenge.

  • You have a blocking firewall
  • Your site is only private, so it’s not possible to see your site.

Ping rdp.is-lotto.com doesn’t work.


#3

Ok I’m going to check the network configuration.


#4

Hi,

When you configure a VM in Azure, you have to unblock ports 80 and 443 in Windows Firewall on the server, and you also have to configure the network security group in Azure itself so that it allows port 80 and 443 traffic through (as you will already be doing for RDP traffic so you can connect to the server).

Once you can browse to the website from a browser (externally, i.e. not just on the server itself; your phone’s 4G network is a good test), you should be able to proceed with HTTP validation.
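
The external check recommended in this thread, as an added example that is not part of the original posts or of Certify The Web: a Python probe, run from a machine outside the server's network, that separates a filtered port (the timeout seen in the log above) from a closed port or a missing challenge file. The function names, result keys and the `connectivity-test` token are assumptions made for this sketch.

```python
import http.client
import socket
import sys

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"

# Likely cause for each result key, following the advice in this thread.
CAUSES = {
    "ok": "challenge path is served to outside clients",
    "filtered": "request timed out: packets are dropped before IIS, check "
                "Windows Firewall and the Azure network security group",
    "closed": "host answered but nothing listens on the port: check IIS bindings",
    "dns": "host name does not resolve",
    "redirect": "server redirects the request: check the redirect target",
    "not_served": "web server reached, but it does not serve this file",
    "error": "other network or protocol error",
}

def classify(outcome):
    """Map an exception or an HTTP status code to a key of CAUSES."""
    if isinstance(outcome, socket.timeout):
        return "filtered"
    if isinstance(outcome, ConnectionRefusedError):
        return "closed"
    if isinstance(outcome, socket.gaierror):
        return "dns"
    if isinstance(outcome, Exception):
        return "error"
    if outcome == 200:
        return "ok"
    if 300 <= outcome < 400:
        return "redirect"
    return "not_served"

def probe(host, port=80, token="connectivity-test", timeout=10.0):
    """GET the http-01 path; a made-up token yields not_served, which still proves reachability."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", CHALLENGE_PREFIX + token)
        return classify(conn.getresponse().status)
    except (OSError, http.client.HTTPException) as exc:
        return classify(exc)
    finally:
        conn.close()

if __name__ == "__main__" and len(sys.argv) > 1:
    key = probe(sys.argv[1])
    print(key + ": " + CAUSES[key])
```

Running it on the server itself only repeats the local check that already passed in the log; the result is meaningful only from an outside network.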