Failed to Create Order (No Further Details Provided)

My domain is: secure.2lbin.com (+39 other separate domains)

I ran this command: I'm using win-acme for a Windows server. I'm not sure what commands it runs.

It produced this output: Failed to create order (it provided no further details)

My web server is (include version): IIS 8.5

The operating system my web server runs on is (include version): Windows Server 2012 R2

My hosting provider, if applicable, is: I am the hosting provider

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): N/A

Our servers are set up in such a way that a certificate renewal failure emails our support system to inform us what domain failed to renew. I got into the server via RDP to check. Win-Acme simply said "Failed to create order." I didn't think much of it so I just tried to tell win-acme to rerun the certificate. Same thing happened. I tried it on another domain that was due for renewal and it gave me the same error.

Failed to create order

This is frustrating because normally the errors tell me why they occurred. This error isn't giving me any details as to what caused it or why. I'm not sure where to begin looking for log files (if any exist). I'd like to get this solved as quickly as possible before more domains begin to have this problem.

Any help that can be provided is much appreciated!

2 Likes

There is a page about custom logging for win-acme in its documentation:

https://www.win-acme.com/manual/advanced-use/custom-logging

Perhaps that could be of any help?

3 Likes

Can you find the version of win-acme, or at least ensure you're on the latest one? I wonder if you're on an old version that doesn't handle ACME v2? That's just a completely wild guess, though.

1 Like

@Osiris That actually is very helpful. Thank you!

@petercooperjr We're running the latest version of win-acme. We updated a few days ago.

After some troubleshooting, I was able to find out that this was getting caused by the Windows Firewall. The firewall blocked the outbound (and inbound) connection to the Let's Encrypt API. I'm assuming that win-acme doesn't have any error message for if the server itself blocks the outbound traffic.

3 Likes

Glad you could figure it out!

1 Like

Btw, if you commonly block outgoing https make sure your server is receiving windows updates and has an up to date trust store: When will the chain used by (not returned by) the API endpoints change? - #6 by webprofusion

1 Like
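The cause found in this thread (Windows Firewall blocking outbound traffic to the Let's Encrypt API) can be checked from the server itself. The following PowerShell is an added example, not part of the original posts and not win-acme code; it assumes the client talks to the Let's Encrypt production directory at `acme-v02.api.letsencrypt.org`, and the function name `Test-AcmeOutbound` is hypothetical.

```powershell
# Added example: step-by-step outbound check toward the ACME API.
# Assumption: win-acme is pointed at the Let's Encrypt production directory.
$AcmeHost = 'acme-v02.api.letsencrypt.org'
$AcmeUrl  = "https://$AcmeHost/directory"

function Test-AcmeOutbound {
    $r = [ordered]@{ Dns = $false; Tcp443 = $false; NewOrderUrl = $null; Detail = '' }

    # 1. Name resolution (a blocked DNS query fails here, before any HTTPS).
    try {
        Resolve-DnsName -Name $AcmeHost -ErrorAction Stop | Out-Null
        $r.Dns = $true
    } catch {
        $r.Detail = "DNS: $($_.Exception.Message)"
        return [pscustomobject]$r
    }

    # 2. Raw TCP to port 443 (an outbound block rule shows up as a failure here).
    $tcp = Test-NetConnection -ComputerName $AcmeHost -Port 443 -WarningAction SilentlyContinue
    $r.Tcp443 = $tcp.TcpTestSucceeded
    if (-not $r.Tcp443) {
        $r.Detail = 'TCP 443 to the ACME host failed'
        return [pscustomobject]$r
    }

    # 3. Fetch the ACME directory; order creation needs its newOrder URL.
    #    Older .NET defaults do not offer TLS 1.2, so enable it explicitly.
    #    A certificate trust error here points at an outdated trust store.
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    try {
        $dir = Invoke-RestMethod -Uri $AcmeUrl -TimeoutSec 15 -ErrorAction Stop
        $r.NewOrderUrl = $dir.newOrder
    } catch {
        $r.Detail = "HTTPS: $($_.Exception.Message)"
    }
    [pscustomobject]$r
}

Test-AcmeOutbound | Format-List

# Firewall state that explains a failure at step 2:
# per-profile default outbound action, then enabled outbound block rules.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultOutboundAction
Get-NetFirewallRule -Direction Outbound -Action Block -Enabled True |
    Select-Object DisplayName, Profile
```

Run it in an elevated PowerShell session on the server that runs win-acme; an empty `NewOrderUrl` together with a populated `Detail` shows which stage the connection stops at.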
