Failed to register and Validate order with CA


#1

Hello team,
I am trying to issue a new SSL LA certificate on a new Windows Server 2012, running IIS.

I run the following command: "C:\Program Files\WinCertes\WinCertes.exe" -e myemail@edi2xml.com -d subdomain.erpwizard.net -b "demo" -p

I get this error: “Failed to register and validate order with CA: ACME operation not supported.”

Please note that I have used the same script on another similar server (Windows 2012/IIS), and it worked perfectly from the first try.

Any information on how to overcome this error?

Thanks in advance


#2

Hi @pnamroud

Isn’t there a log or something else? The error message isn’t from Letsencrypt, these errors have another format.

So it’s specific to that client.

PS: What’s your domain name?

Moved to “Help”.


#3

Hello @JuergenAuer
The domain name is erpwizard.net
Following is a copy/paste from the client’s log file:
2018-12-06 09:11:40.2583|INFO|Successfully registered account pnamroud@edi2xml.com with certificate authority https://acme-v02.api.letsencrypt.org/directory
2018-12-06 09:11:40.3365|INFO|Please check the ACME Service ToS at: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
2018-12-06 09:11:44.3026|ERROR|Failed to register and validate order with CA: Could not validate challenge https://acme-v02.api.letsencrypt.org/acme/challenge/o8WYoq0PakW3i277MLM6UoP7mpt6mHu21BuShFzufzM/10023416782
2018-12-06 09:12:37.7170|ERROR|Failed to register and validate order with CA: Could not validate challenge https://acme-v02.api.letsencrypt.org/acme/challenge/RQ7NWVp-0Fab5y5ejfhLiBz-X0bNaBuH2kn08k8o-pg/10023433372
2018-12-06 09:15:31.1275|ERROR|Failed to register and validate order with CA: Could not validate challenge https://acme-v02.api.letsencrypt.org/acme/challenge/jp_yHciljKN-NeW712NqpsM5rC0h2Pgy5MW1SmgFhcw/10023494690
2018-12-06 09:15:49.9719|ERROR|Failed to register and validate order with CA: Could not validate challenge https://acme-v02.api.letsencrypt.org/acme/challenge/sjOAHPS_MgUpV8pl-o5Or63qQ2S0hfSiqEezKsdQxAs/10023499656
2018-12-06 09:39:51.7874|ERROR|Failed to register and validate order with CA: Could not validate challenge https://acme-v02.api.letsencrypt.org/acme/challenge/kYiCLFubE73CdZ1zqYM4YuxvapVkLh-vhYa6z8gPhuE/10023930441
2018-12-06 09:41:59.1458|ERROR|Failed to register and validate order with CA: Fail to load resource from ‘https://acme-v02.api.letsencrypt.org/acme/new-order’.
urn:ietf:params:acme:error:rateLimited: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
2018-12-06 09:45:51.1712|ERROR|Failed to register and validate order with CA: ACME operation not supported.
2018-12-06 09:47:42.1386|ERROR|Failed to register and validate order with CA: ACME operation not supported.
2018-12-06 09:51:01.6881|ERROR|Failed to register and validate order with CA: ACME operation not supported.
2018-12-06 11:07:34.6577|ERROR|Failed to register and validate order with CA: ACME operation not supported.

Thanks in advance


#4

Ah, this tool is buggy. The challenge page has the correct answer:

"Invalid response from http://demo.erpwizard.net/.well-known/acme-challenge/HedgHpHEmR46azfsReiZYtoGl-GBVvgZ_z_bk9WoaSk: "<!DOCTYPE html>\r\n<html>\r\n <head>\r\n <title>The resource cannot be found

Loading the file

http://demo.erpwizard.net/.well-known/acme-challenge/5MdEoeQLKFtkrs5h8gHXONFJFEZjJ0c9CsK4vRt9lhM

your server says: “File not found”.

You have an IIS. Do you allow files without extension? Something like

<configuration>
    <system.webServer>
        <staticContent>
            <mimeMap fileExtension="." mimeType="text/plain" />
        </staticContent>
    </system.webServer>
</configuration>

Checking your site with my online tool ( https://check-your-website.server-daten.de/?q=demo.erpwizard.net ) I don’t see big problems.


| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://demo.erpwizard.net/ (66.171.162.194) | 302 | http://demo.erpwizard.net/Account/login?ReturnUrl=%2F | 0.494 | D |
| http://demo.erpwizard.net/Account/login?ReturnUrl=%2F | 200 | | 5.950 | H |
| https://demo.erpwizard.net/ (66.171.162.194) | -14 (Timeout - The operation has timed out) | | 10.024 | T |
| http://demo.erpwizard.net/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de (66.171.162.194) | 404 (Not Found) | | 0.207 | A |

Your root redirects to your login, but your /.well-known/acme-challenge doesn’t, instead returns a (good) 404.

Create a file without extension (file name 1234) and place it in /.well-known/acme-challenge, then try to load this file with your browser.
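The browser test described in the post above can be scripted and repeated before each run of the ACME client. This is an added example, not part of the original post and not WinCertes code; the function name `check_http01`, its verdict strings and the `port` parameter are assumptions made for illustration.

```python
import urllib.request
import urllib.error

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx answers instead of silently following them (e.g. to a login page)."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # urllib then raises HTTPError carrying the 3xx status

def check_http01(host, token, expected, port=80, timeout=10):
    """Fetch http://host/.well-known/acme-challenge/<token> and classify the answer.

    Returns (verdict, detail). `port` exists only so the check can be pointed at
    a test server; the CA always starts its HTTP-01 request on port 80.
    """
    url = f"http://{host}:{port}/.well-known/acme-challenge/{token}"
    # Direct connection, no environment proxy, so the result reflects the server itself.
    opener = urllib.request.build_opener(_NoRedirect, urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            body = resp.read(4096)
    except urllib.error.HTTPError as err:
        if 300 <= err.code < 400:
            return "redirect", f"{err.code} -> {err.headers.get('Location')}"
        if err.code == 404:
            # Typical when the folder is wrong or IIS has no MIME map for
            # files without an extension.
            return "not-found", url
        return "http-error", str(err.code)
    except OSError as err:  # URLError, refused connections and timeouts
        return "unreachable", str(err)
    text = body.decode("utf-8", "replace").strip()
    if text != expected:
        # An HTML error page or login page served with status 200 lands here.
        return "wrong-body", text[:60]
    return "ok", url
```

Call it as `check_http01("demo.erpwizard.net", "1234", "<contents of the test file>")` from a machine outside the server's network, since that is the view the CA has.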


#5

So are you suggesting to create a folder /.well-known/acme-challenge and place a file with no extension in it?

The folder does not exist

Let me know @JuergenAuer

thanks in advance
PN


#6

Yes, create this folder. Your client uses this folder to save the validation file, Letsencrypt checks it.

If this folder has the wrong configuration, Letsencrypt fails.


#7

Thanks
I created that folder and now I have an additional different error

Failed to register and validate order with CA: ACME operation not supported
Could not delete challenge file directory: The directory is not empty.


#8

I believe that @JuergenAuer wanted you to create this folder for debugging purposes, not because doing this would fix the problem by itself.

In particular, note the “then try to load this file with your browser” step (that’s the debugging-related question).


#9

Thanks @schoen noted.

To answer the debugging issue, I was able to load the file from the browser by clicking this link: http://demo.erpwizard.net/.well-known/1234

Is that what you meant @JuergenAuer?


#10

The directory must be /.well-known/acme-challenge


#11

Ok, done
http://demo.erpwizard.net/.well-known/acme-challenge/1234


#12

Hi,

Sorry for interruption, but have you tried to update the software to the latest version?

The author of this software mentions there is an issue with the existing IIS, and he released a new version of this software 6 days ago. (According to this issue)

Thank you


#13

I am already using the latest version (1.05) downloaded last Monday


#14

In this case, do you mind sharing the output from the “debug” version with us?

Thank you


#15

Please see my second thread where I included copy/paste of the log file errors

Thanks


#16

From that second thread log post:

Is that still the case?


#17

This is the latest error: 2018-12-06 16:24:17.5151|ERROR|Failed to register and validate order with CA: ACME operation not supported.

Here is the command I sent:
"C:\Program Files\WinCertes\WinCertes.exe" -e pnamroud@edi2xml.com -d demo.erpwizard.net -b "demo" -p

Version of Wincertes: 1.05


#18

Is there any way to elevate the logging - to include more detail?


#19

This is good.

But if there are no additional logs, you should ask the author of this software.


#20

Thank You
Will do

PN