I created a website on Windows Server 2019 and I would like to get an SSL certificate for my website www.cdatc.eu
My website is a local website that people can access if they are connected to the local network.
I got this error with wacs.exe (win-acme.v2.2.3.1475.x64.pluggable):
Source generated using plugin IIS: www.cdatc.eu
Plugin IIS generated source www.cdatc.eu with 1 identifiers
Plugin Single created 1 order
Cached order has status invalid, discarding
[www.cdatc.eu] Authorizing...
[www.cdatc.eu] Authorizing using http-01 validation (SelfHosting)
[www.cdatc.eu] Authorization result: invalid
[www.cdatc.eu] {"type":"urn:ietf:params:acme:error:unauthorized","detail":"213.186.33.5: Invalid response from http://www.cdatc.eu: \u0022\u003Chtml xml:lang=\\u0022fr-FR\\u0022 lang=\\u0022fr-FR\\u0022\u003E\n\u003Chead\u003E\n\u003Ctitle qtlid=\\u002228806\\u0022\u003EF\u00E9licitations ! Votre domaine a bien \u00E9t\u00E9 cr\u00E9\u00E9 chez OVHclou\u0022","status":403,"instance":null}
[www.cdatc.eu] Deactivating pending authorization
The problem is your domain is redirecting the HTTP Challenge from the Let's Encrypt Server to your home page.
It is OK to redirect the original request. But, the result of following the redirects must eventually be the challenge token created by wacs. Because you redirect to your home page that value is not being returned.
Thanks, I didn't notice your server was nginx as @MikeMcQ mentioned. This is very different from IIS and wacs is designed for IIS, so instead you need to serve the http challenge yourself and I'd expect that would be easiest using certbot with its built-in nginx support.
The problem with nginx on Windows is it will not share http on port 80 like IIS can, so instead it will steal the port for itself and then the self-hosting wacs option won't work.
You can use the filesystem option (hosting the http challenge response on your nginx website) or just use DNS validation instead.
If you want to try DNS validation, on Windows you can use https://certifytheweb.com (which I develop) as it supports a whole bunch of DNS APIs, including your provider OVH.
Thanks for your answer, but I created my website on the IIS platform of Windows Server 2019.
Do I need to realise the DNS validation to get my SSL certificate to be able to have HTTPS on my website?
If that's the case, then why is there an nginx webserver responding on www.cdatc.eu?
Note that Let's Encrypt will always need to validate your hostname from the public internet. So whatever is running on 10.100.100.2, if that's different than what's running on 213.186.33.5 (the public IP address of your hostname) then there's going to be a problem.
So if Let's Encrypt can't connect to your webserver using port 80 (the http-01 challenge using, well, HTTP), you'd need to use the DNS challenge (dns-01).
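The point made in the replies above, as an added example that is not part of the original posts or of win-acme: it parses the ACME problem document from the wacs log and compares the address Let's Encrypt actually reached with the addresses the IIS host listens on. The function name `diagnose_http01` is hypothetical, the sample is abbreviated from the log in this thread, and 10.100.100.2 is taken to be the server's internal address as mentioned in the thread.

```python
import ipaddress
import json
import re

# Abbreviated from the wacs log in this thread; the HTML body is shortened.
SAMPLE_PROBLEM = (
    r'{"type":"urn:ietf:params:acme:error:unauthorized",'
    r'"detail":"213.186.33.5: Invalid response from http://www.cdatc.eu: '
    r'\u0022\u003Chtml xml:lang=\u0022fr-FR\u0022\u003E\n\u003Chead\u003E\u0022",'
    r'"status":403,"instance":null}'
)

# Shape of the detail string seen in the log: "<ip>: Invalid response from <url>: <body>"
DETAIL_RE = re.compile(
    r"^(?P<ip>[0-9A-Fa-f:.]+): Invalid response from (?P<url>\S+): (?P<body>.*)$", re.S
)


def diagnose_http01(problem_json, server_ips):
    """Summarise why an http-01 authorization failed.

    server_ips: addresses the IIS host really listens on (supplied by the admin).
    """
    problem = json.loads(problem_json)
    match = DETAIL_RE.match(problem.get("detail") or "")
    if match is None:
        raise ValueError("detail is not an 'Invalid response' http-01 message")
    validated = ipaddress.ip_address(match["ip"])
    servers = [ipaddress.ip_address(ip) for ip in server_ips]
    reaches_server = validated in servers
    return {
        "error": problem.get("type", "").rsplit(":", 1)[-1],
        "validated_ip": str(validated),  # the address Let's Encrypt connected to
        "url": match["url"],
        # A body starting with markup is a web page, not the challenge token.
        "html_body": match["body"].lstrip('" \n').startswith("<"),
        "reaches_server": reaches_server,
        "private_only": bool(servers) and all(ip.is_private for ip in servers),
        # http-01 only works if the public address is this server; otherwise dns-01.
        "suggest": "http-01" if reaches_server else "dns-01",
    }


if __name__ == "__main__":
    for key, value in diagnose_http01(SAMPLE_PROBLEM, ["10.100.100.2"]).items():
        print(f"{key}: {value}")
```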
Is your PC domain joined?
Does the URL contain an FQDN that is covered by the Windows CA provided cert?
Is the server using the Windows CA provided cert?
I installed Certification Authority and Certification Authority Web Enrollment.
In IIS, I created a certificate request.
I went to http://localhost/certsrv to submit my certificate request.
Afterwards, in Server Certificates, I completed the certificate request with the certificate that I got from http://localhost/certsrv.
I use the certificate that I just created in my server certificates on my website.
It means...
You know little of the Windows World - lol
Windows domains come with a local domain CA.
All systems joined to that Active Directory [AD] will implicitly trust that domain CA [and all certs issued by it].