Error validating domain

Domain validation error. Not sure what is causing this. Can you advise?

2024-01-10 10:10:56.949 -08:00 [INF] Checking URL is accessible: http://fs.mocse.org/.well-known/acme-challenge/1LgU1qh78bCFZyU-8-_NbMRg_8hJjOIQUKGrSwM6dZQ [proxyAPI: True, timeout: 5000ms]
2024-01-10 10:12:37.006 -08:00 [WRN] Problem checking URL is accessible : http://fs.mocse.org/.well-known/acme-challenge/1LgU1qh78bCFZyU-8-_NbMRg_8hJjOIQUKGrSwM6dZQ The remote server returned an error: (404) Not Found.
2024-01-10 10:12:37.006 -08:00 [INF] Checking URL is accessible: http://fs.mocse.org/.well-known/acme-challenge/1LgU1qh78bCFZyU-8-_NbMRg_8hJjOIQUKGrSwM6dZQ [proxyAPI: False, timeout: 5000ms]
2024-01-10 10:12:37.008 -08:00 [ERR] Failed to confirm URL is accessible : http://fs.mocse.org/.well-known/acme-challenge/1LgU1qh78bCFZyU-8-_NbMRg_8hJjOIQUKGrSwM6dZQ 
System.Net.WebException: The remote server returned an error: (404) Not Found.
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Certify.Management.NetworkUtils.<CheckURL>d__4.MoveNext() in D:\a\certify-service\certify-service\src\certify-build\certify\src\Certify.Shared\Management\NetworkUtils.cs:line 153
2024-01-10 10:12:37.008 -08:00 [INF] Requesting Validation: fs.mocse.org
2024-01-10 10:12:37.012 -08:00 [INF] Attempting Challenge Response Validation for Domain: fs.mocse.org
2024-01-10 10:12:37.013 -08:00 [INF] Registering and Validating fs.mocse.org 
2024-01-10 10:12:37.036 -08:00 [INF] Checking automated challenge response for Domain: fs.mocse.org
2024-01-10 10:12:58.964 -08:00 [INF] Domain validation failed: fs.mocse.org 
2024-01-10 10:13:00.929 -08:00 [INF] Validation of the required challenges did not complete successfully. Domain validation failed: fs.mocse.org 
2024-01-10 10:13:00.929 -08:00 [INF] Validation of the required challenges did not complete successfully. Domain validation failed: fs.mocse.org 
2024-01-10 10:13:00.929 -08:00 [INF] Validation of the required challenges did not complete successfully. Domain validation failed: fs.mocse.org

When you opened this thread in the Help section, you should have been provided with a questionnaire. Maybe you didn't get it somehow (which is weird), or you've decided to delete it. In any case, all the answers to this questionnaire are required:


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

1 Like

Hello,

My domain is: fs.mocse.org

I ran this command: none (ran GUI to create certificate) - did not create

It produced this output:

2024-01-10 10:10:56.949 -08:00 [INF] Checking URL is accessible: http://fs.mocse.org/.well-known/acme-challenge/1LgU1qh78bCFZyU-8-_NbMRg_8hJjOIQUKGrSwM6dZQ [proxyAPI: True, timeout: 5000ms]
2024-01-10 10:12:37.006 -08:00 [WRN] Problem checking URL is accessible : http://fs.mocse.org/.well-known/acme-challenge/1LgU1qh78bCFZyU-8-_NbMRg_8hJjOIQUKGrSwM6dZQ The remote server returned an error: (404) Not Found.
2024-01-10 10:12:37.006 -08:00 [INF] Checking URL is accessible: http://fs.mocse.org/.well-known/acme-challenge/1LgU1qh78bCFZyU-8-_NbMRg_8hJjOIQUKGrSwM6dZQ [proxyAPI: False, timeout: 5000ms]
2024-01-10 10:12:37.008 -08:00 [ERR] Failed to confirm URL is accessible : http://fs.mocse.org/.well-known/acme-challenge/1LgU1qh78bCFZyU-8-_NbMRg_8hJjOIQUKGrSwM6dZQ 
System.Net.WebException: The remote server returned an error: (404) Not Found.
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Certify.Management.NetworkUtils.<CheckURL>d__4.MoveNext() in D:\a\certify-service\certify-service\src\certify-build\certify\src\Certify.Shared\Management\NetworkUtils.cs:line 153
2024-01-10 10:12:37.008 -08:00 [INF] Requesting Validation: fs.mocse.org
2024-01-10 10:12:37.012 -08:00 [INF] Attempting Challenge Response Validation for Domain: fs.mocse.org
2024-01-10 10:12:37.013 -08:00 [INF] Registering and Validating fs.mocse.org 
2024-01-10 10:12:37.036 -08:00 [INF] Checking automated challenge response for Domain: fs.mocse.org
2024-01-10 10:12:58.964 -08:00 [INF] Domain validation failed: fs.mocse.org 
2024-01-10 10:13:00.929 -08:00 [INF] Validation of the required challenges did not complete successfully. Domain validation failed: fs.mocse.org 
2024-01-10 10:13:00.929 -08:00 [INF] Validation of the required challenges did not complete successfully. Domain validation failed: fs.mocse.org 
2024-01-10 10:13:00.929 -08:00 [INF] Validation of the required challenges did not complete successfully. Domain validation failed: fs.mocse.org 

My web server is (include version): IIS Windows on Server 2016

The operating system my web server runs on is (include version): Windows Server 2016 standard

My hosting provider, if applicable, is: CloudFlare for the domain

I can login to a root shell on my machine (yes or no, or I don't know): I don't know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): IIS

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): not using Certbot

Any status yet on this error?

What is the program name (and version) of that GUI app?

1 Like

Until then...

I'm unable to connect to your site via either HTTP or HTTPS.
Are you able to reach your site from the Internet [not from a local network]?
Is there a firewall/security device inline? If so, are they working correctly?

2 Likes

LD seems to have a similar issue with your site:
Let's Debug (letsdebug.net)

It "connects" but then fails to "speak" after the connection is established.
context deadline exceeded

2 Likes

I would guess this is Certify The Web. They usually like problems posted directly on their forum. They have more Windows expertise which often helps.

That said, I agree with @rg305 that this looks like a basic failure to communicate with HTTP (port 80) to your domain.

2 Likes

Certify the Web Certify SSL/TLS Certificate Manager 5.6.8.0 [Community Edition]

1 Like

I just allowed port 80 and 443 on the firewall, can you test again?

Still no luck. If Certify is starting its own listener for the challenge it will only work when it is running. This is one reason it is best to post on their forum. They know their product best and are experts at Let's Encrypt too.

You can test basic HTTP challenges with https://letsdebug.net

Are you able to connect to IIS from outside your own local network? Like with a mobile phone with wifi disabled to use your carrier's network?

2 Likes

I think they are up to version 6.0.13 now.
So, that could use an update.

2 Likes

It's likely shared with IIS.

2 Likes

No change :frowning:

2 Likes

Yes, for the port 80 HTTP but not for HTTPS 443.

Is this a binding issue?

2 Likes

@jgarciamocse I just time out from my own test server, as does Let's Debug.

But, the log in your first post had a 404 Not Found which might mean it got through. And, you say you can reach it from outside your network.

Do you have any kind of regional based firewall? Or any other kind of selective firewall?

Certify should handle the bindings.

2 Likes

Hi, I'm the developer of Certify The Web. Please update to the latest version, as old versions are not supported.

It looks like you currently have port 80 open but the response is 404 (not found), which is actually a good start because that means your firewall is open; it's just not getting the response it expected.

Update the app to the latest version and if you can perform a server reboot then try that as well - processes can sometimes get stuck and your webserver doesn't seem to be responding particularly well currently.

You have truncated your log file so I can't see whether the HTTP Challenge Server is managing to start OK. This is the process that answers http challenges so that IIS doesn't have to (and therefore doesn't need special configuration). Some anti-virus apps have been known to interfere with this process and that's gotten worse recently - they may be using a general heuristic that a process shouldn't be allowed to start an http listener and you may need to add an exception.

If the app is being forced to fall back to IIS for http challenges it should still work though. Try deleting the web.config file from /.well-known/acme-challenge and the app will recreate the file when you next click Test; this cycles through various configurations to find the one that works for your version/configuration of IIS.

2 Likes

I updated the application to the latest version. I restarted the server and applied the webserver AV policy to the server. I get the following logs below. It is still not communicating correctly.

2024-01-11 08:25:01.955 -08:00 [INF] [Progress] All Tests Completed OK
2024-01-11 08:25:04.502 -08:00 [INF] ---- Beginning Request [Default Web Site] ----
2024-01-11 08:25:04.502 -08:00 [INF] Certify/6.0.13.0 (Windows; Microsoft Windows NT 10.0.14393.0)
2024-01-11 08:25:04.503 -08:00 [INF] Beginning certificate request process: Default Web Site using ACME provider Anvil
2024-01-11 08:25:04.503 -08:00 [INF] The selected Certificate Authority is: Let's Encrypt
2024-01-11 08:25:04.503 -08:00 [INF] Requested identifiers to include on certificate: fs.mocse.org [dns]
2024-01-11 08:25:04.647 -08:00 [INF] Created ACME Order: https://acme-v02.api.letsencrypt.org/acme/order/1508251656/235928631066
2024-01-11 08:25:05.182 -08:00 [INF] Got http-01 challenge https://acme-v02.api.letsencrypt.org/acme/chall-v3/303123455986/LnS8cw
2024-01-11 08:25:05.254 -08:00 [INF] Got dns-01 challenge https://acme-v02.api.letsencrypt.org/acme/chall-v3/303123455986/2U4ttg
2024-01-11 08:25:12.369 -08:00 [INF] Http Challenge Server process available.
2024-01-11 08:25:12.369 -08:00 [INF] Preparing automated challenge responses for: fs.mocse.org [dns]
2024-01-11 08:25:12.370 -08:00 [INF] Preparing challenge response for the issuing Certificate Authority to check at: http://fs.mocse.org/.well-known/acme-challenge/8r4iziFbXmKYE3UWdnR6NDq7YCCrNRsWgyr24GywEjM with content 8r4iziFbXmKYE3UWdnR6NDq7YCCrNRsWgyr24GywEjM.2JCUdnNeA7PxGOd89CRvgLJH9Q75z4eNMDqQ5gTIB2E
2024-01-11 08:25:12.370 -08:00 [INF] If the challenge response file is not accessible at this exact URL the validation will fail and a certificate will not be issued.
2024-01-11 08:25:12.383 -08:00 [INF] Using website path C:\inetpub\wwwroot
2024-01-11 08:25:12.384 -08:00 [INF] Checking URL is accessible: http://fs.mocse.org/.well-known/acme-challenge/8r4iziFbXmKYE3UWdnR6NDq7YCCrNRsWgyr24GywEjM [proxyAPI: True, timeout: 5000ms]
2024-01-11 08:25:17.386 -08:00 [WRN] Problem checking URL is accessible : http://fs.mocse.org/.well-known/acme-challenge/8r4iziFbXmKYE3UWdnR6NDq7YCCrNRsWgyr24GywEjM A task was canceled.
2024-01-11 08:25:17.386 -08:00 [INF] Checking URL is accessible: http://fs.mocse.org/.well-known/acme-challenge/8r4iziFbXmKYE3UWdnR6NDq7YCCrNRsWgyr24GywEjM [proxyAPI: False, timeout: 5000ms]
2024-01-11 08:25:17.541 -08:00 [INF] (local check) URL is accessible. Check passed. HTTP OK
2024-01-11 08:25:17.541 -08:00 [INF] Resuming certificate request using CA: Let's Encrypt
2024-01-11 08:25:17.541 -08:00 [INF] Attempting challenge response validation for: fs.mocse.org [dns]
2024-01-11 08:25:17.541 -08:00 [INF] [Progress] Checking automated challenge response for: fs.mocse.org [dns]
2024-01-11 08:25:17.541 -08:00 [INF] Submitting challenge for validation: fs.mocse.org [dns] http://fs.mocse.org/.well-known/acme-challenge/8r4iziFbXmKYE3UWdnR6NDq7YCCrNRsWgyr24GywEjM
2024-01-11 08:25:22.767 -08:00 [INF] Waiting for the CA to validate the http-01 challenge response for: fs.mocse.org [https://acme-v02.api.letsencrypt.org/acme/chall-v3/303123455986/LnS8cw]
2024-01-11 08:25:27.841 -08:00 [INF] Waiting for the CA to validate the http-01 challenge response for: fs.mocse.org [https://acme-v02.api.letsencrypt.org/acme/chall-v3/303123455986/LnS8cw]
2024-01-11 08:25:32.926 -08:00 [INF] Waiting for the CA to validate the http-01 challenge response for: fs.mocse.org [https://acme-v02.api.letsencrypt.org/acme/chall-v3/303123455986/LnS8cw]
2024-01-11 08:25:37.998 -08:00 [INF] Waiting for the CA to validate the http-01 challenge response for: fs.mocse.org [https://acme-v02.api.letsencrypt.org/acme/chall-v3/303123455986/LnS8cw]
2024-01-11 08:25:43.125 -08:00 [INF] Waiting for the CA to validate the http-01 challenge response for: fs.mocse.org [https://acme-v02.api.letsencrypt.org/acme/chall-v3/303123455986/LnS8cw]
2024-01-11 08:25:48.229 -08:00 [INF] Waiting for the CA to validate the http-01 challenge response for: fs.mocse.org [https://acme-v02.api.letsencrypt.org/acme/chall-v3/303123455986/LnS8cw]
2024-01-11 08:25:53.313 -08:00 [INF] Waiting for the CA to validate the http-01 challenge response for: fs.mocse.org [https://acme-v02.api.letsencrypt.org/acme/chall-v3/303123455986/LnS8cw]
2024-01-11 08:25:58.387 -08:00 [INF] Waiting for the CA to validate the http-01 challenge response for: fs.mocse.org [https://acme-v02.api.letsencrypt.org/acme/chall-v3/303123455986/LnS8cw]
2024-01-11 08:26:03.472 -08:00 [INF] Waiting for the CA to validate the http-01 challenge response for: fs.mocse.org [https://acme-v02.api.letsencrypt.org/acme/chall-v3/303123455986/LnS8cw]
2024-01-11 08:26:08.572 -08:00 [INF] Waiting for the CA to validate the http-01 challenge response for: fs.mocse.org [https://acme-v02.api.letsencrypt.org/acme/chall-v3/303123455986/LnS8cw]
2024-01-11 08:26:08.649 -08:00 [ERR] [Progress] Validation failed: fs.mocse.org [dns]
The CA did not respond with a valid status for this identifier authorization within the time allowed [Pending]
2024-01-11 08:26:08.670 -08:00 [ERR] Validation of the required challenges did not complete successfully. Validation failed: fs.mocse.org [dns]
The CA did not respond with a valid status for this identifier authorization within the time allowed [Pending]

1 Like
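
Added example (not part of any post in this thread, and not Certify The Web's code): a small triage script that reads the two pre-flight "Checking URL is accessible" results from a log in the format quoted above and separates "port 80 answers but the challenge is not served" from "served locally but unreachable from the Internet". The sample lines are constructed, and reading `proxyAPI: True` as the external check and `proxyAPI: False` as the local check is an assumption based on the "(local check)" wording in the log.

```python
import re

# Constructed sample in the format of the Certify log lines quoted in this
# thread; www.example.com and TOKEN are placeholders, not values from the posts.
URL = "http://www.example.com/.well-known/acme-challenge/TOKEN"
SAMPLE_LOG = "\n".join([
    f"2024-01-11 08:25:12.384 -08:00 [INF] Checking URL is accessible: {URL} [proxyAPI: True, timeout: 5000ms]",
    f"2024-01-11 08:25:17.386 -08:00 [WRN] Problem checking URL is accessible : {URL} A task was canceled.",
    f"2024-01-11 08:25:17.386 -08:00 [INF] Checking URL is accessible: {URL} [proxyAPI: False, timeout: 5000ms]",
    "2024-01-11 08:25:17.541 -08:00 [INF] (local check) URL is accessible. Check passed. HTTP OK",
    "2024-01-11 08:26:08.649 -08:00 [ERR] [Progress] Validation failed: www.example.com [dns]",
])

CHECK_START = re.compile(r"Checking URL is accessible: \S+ \[proxyAPI: (True|False)")
# Substrings that settle the outcome of the check currently in progress.
OUTCOMES = [("Check passed", "ok"), ("(404) Not Found", "404"), ("task was canceled", "timeout")]

def parse_checks(log):
    """Return the outcome of the proxy (external) and local pre-flight checks."""
    results, current = {}, None
    for line in log.splitlines():
        started = CHECK_START.search(line)
        if started:
            current = "proxy" if started.group(1) == "True" else "local"
            results[current] = "unknown"
        elif current and results[current] == "unknown":
            # The reason may sit on the same line or on the exception line after it.
            for marker, outcome in OUTCOMES:
                if marker in line:
                    results[current] = outcome
                    break
    return results

def diagnose(log):
    """Map the two check outcomes to a likely cause (the mapping is an assumption)."""
    checks = parse_checks(log)
    proxy, local = checks.get("proxy"), checks.get("local")
    if proxy == "ok":
        return "EXTERNALLY_REACHABLE"
    if proxy == "timeout" and local == "ok":
        return "SERVED_LOCALLY_BUT_UNREACHABLE_FROM_INTERNET"  # inbound port 80 path
    if "404" in (proxy, local):
        return "PORT_80_ANSWERS_BUT_CHALLENGE_NOT_SERVED"  # listener / IIS config
    return "INCONCLUSIVE"

if __name__ == "__main__":
    print(parse_checks(SAMPLE_LOG), diagnose(SAMPLE_LOG))
```

The first result points at firewall, NAT or selective filtering between the Internet and the server; the 404 result points at the challenge listener or the IIS configuration under `/.well-known/acme-challenge`.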