Hello all,
I'm using the MyFritz! service, which by default provides an automatically generated Let's Encrypt certificate.
So far, so good.
But when I try to reach my local Fritz!Box web services, like "https://fritz.box", I still get a certificate error message; the message in Chrome is "ERR_CERT_AUTHORITY_INVALID".
OK, I took a look at the certificate and, as I understood it, the root cause is:
The Fritz!Box creates a certificate that has only, e.g., "1234567890abcdef.myfritz.net" as its Subject, and not fritz.box.
So I started a standalone Windows Server with IIS, added port 80 bindings for "1234567890abcdef.myfritz.net" and "fritz.box", and enabled port forwarding on the Fritz!Box, so that "http://1234567890abcdef.myfritz.net" was reachable via the internet.
With win-acme I tried to create a new certificate on that server and selected the following options:
M: Create certificate (full options)
1: Read site bindings from IIS
=> 1: Default Web Site (2 bindings)
=> 1st: 1234567890abcdef.myfritz.net
=> 2nd: fritz.box
Site identifier(s) or to choose all:
Binding identifiers(s) or menu option:
Please pick the main host, which will be presented as the subject of the certificate:
=> Selected 1234567890abcdef.myfritz.net
Continue with this selection? (y*/n) - yes
Suggested friendly name '[IIS] (any site), (any host)', press to accept or type an alternative:
How would you like prove ownership for the domain(s)?:
=> 2: [http-01] Serve verification files from memory
What kind of private key should be used for the certificate?:
=> RSA key
How would you like to store the certificate?: 2
=>2: PEM encoded files (Apache, nginx, etc.)
Path to folder where .pem files are stored: C:\Temp
Password to use for the private key .pem file or for none: **********************
Would you like to store it in another way too?:
=> 5: No (additional) store steps
Which installation step should run first?:
=> 4: No (additional) installation steps
But then I got the following error message:
[1234567890abcdef.myfritz.net] Cached authorization result: valid
[fritz.box] Authorizing...
[fritz.box] Authorizing using http-01 validation (SelfHosting)
[fritz.box] Authorization result: invalid
[fritz.box] {
"type": "urn:ietf:params:acme:error:dns",
"detail": "DNS problem: NXDOMAIN looking up A for fritz.box - check that a DNS record exists for this domain",
"status": 400
}
Create certificate failed, retry? (y/n*)
As I understand that result, win-acme can validate the myfritz.net address, but not the fritz.box address.
How can I add fritz.box as a second subject entry to the certificate?
Or maybe I'm totally wrong?
Thanks a lot for any feedback.
The IIS web server is version 8.0
The OS my web server runs on is Windows Server 2012
The win-acme version is 2.1.16.1037
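
An added example, not part of the original post: a small Python parser for the win-acme output quoted above that reports, per identifier, the authorization result and the ACME problem document the CA returned. The function names are hypothetical, and the line formats are assumed to match the excerpt in the post.

```python
import json
import re

# win-acme console output copied from the post above.
LOG = """\
[1234567890abcdef.myfritz.net] Cached authorization result: valid
[fritz.box] Authorizing...
[fritz.box] Authorizing using http-01 validation (SelfHosting)
[fritz.box] Authorization result: invalid
[fritz.box] {
"type": "urn:ietf:params:acme:error:dns",
"detail": "DNS problem: NXDOMAIN looking up A for fritz.box - check that a DNS record exists for this domain",
"status": 400
}
Create certificate failed, retry? (y/n*)
"""

RESULT_RE = re.compile(r"^\[([^\]]+)\] (?:Cached a|A)uthorization result: (\w+)$")
PROBLEM_RE = re.compile(r"^\[([^\]]+)\] \{$")


def summarize_authorizations(log_text):
    """Map each identifier to its authorization result and ACME problem document."""
    summary = {}
    lines = iter(log_text.splitlines())
    for raw in lines:
        line = raw.strip()
        if m := RESULT_RE.match(line):
            entry = summary.setdefault(m[1], {"result": None, "problem": None})
            entry["result"] = m[2]
        elif m := PROBLEM_RE.match(line):
            # Collect the JSON body up to its closing brace (assumes a flat document).
            body = ["{"]
            for nxt in lines:
                body.append(nxt.strip())
                if nxt.strip() == "}":
                    break
            entry = summary.setdefault(m[1], {"result": None, "problem": None})
            try:
                entry["problem"] = json.loads("\n".join(body))
            except json.JSONDecodeError:
                entry["problem"] = None  # truncated log: keep the result only
    return summary


def dns_failures(summary):
    """Identifiers whose problem document carries the ACME 'dns' error type."""
    return [host for host, entry in summary.items()
            if (entry["problem"] or {}).get("type") == "urn:ietf:params:acme:error:dns"]
```

Calling `dns_failures(summarize_authorizations(LOG))` separates the identifier that was rejected at the DNS lookup from the one whose authorization was already valid.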