First time certificate not working

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: @

I ran this command: certbot certonly --webroot

It produced this output:
Input the webroot for (Enter ‘c’ to cancel): D:\Live\Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Type: unauthorized
Detail: Invalid response from 404IiQU: 404

My web server is (include version): IIS 10.0

The operating system my web server runs on is (include version): Microsoft Windows Server 2019 Standard

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): I think so?

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 2.9.0

The EFF is discontinuing support for Certbot on Windows this month. You should not setup any new systems on Windows with Certbot.

Please see the below announcement along with suggested alternatives. Certify The Web is a nice one.


Hi @haris16, and welcome to the LE community foum :slight_smile:

I know very little about IIS...
But the difference between the HTTP and HTTPS server signatures is interesting:

curl -Ii
HTTP/2 200
cache-control: private
content-length: 129538
content-type: text/html; charset=utf-8
server: Microsoft-IIS/10.0      <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Wed, 21 Feb 2024 06:29:13 GMT

curl -Ii
HTTP/1.1 404 Not Found
Content-Length: 315
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0      <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Date: Wed, 21 Feb 2024 06:29:17 GMT
Connection: close

If you do decide you would like to try Certify The Web ( for this, the process is:

  • Install the app
  • Click New Certificate (you will be prompt to register a Let's Encrypt account on first use)
  • Select your IIS site to auto populate the hostnames to include on the certificate. It's best to already have hostnames set in your IIS bindings so the app can match them. If you have existing https bindings set their IP to All Unassigned, Use SNI and set the hostname.
  • Click Request Certificate to order and apply a new certificate. Once successfully ordered the cert will automatically renew when it reaches 75% of it's lifetime (configurable under Settings).

2 posts were split to a new topic: Problem getting cert with Nginx Proxy Manager

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.