Getting an error when trying to renew a certificate

Hello,
I have a Windows Server 2012 R2 with Plesk on it. When I try to renew my website certificate, I get the following error:

Error: Let's Encrypt SSL certificate installation failed: Failed letsencrypt execution: Saving debug log to C:\Program Files (x86)\Parallels\Plesk\var\modules\letsencrypt\logs\letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for example.com
Starting new HTTPS connection (1): 127.0.0.1
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. example.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://example.com/.well-known/acme-challenge/-4w2EGbMnsRGaqjgaZNXvOcj31WUTmDjUCIzhROS63o:
"<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http"

IMPORTANT NOTES:
  • The following errors were reported by the server:
    Domain: example.com
    Type: unauthorized
    Detail: Invalid response from http://example.com/.well-known/acme-challenge/-4w2EGbMnsRGaqjgaZNXvOcj31WUTmDjUCIzhROS63o:
    "<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    <html xmlns="http"
    To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address.


I checked the DNS record, the firewall and the “.” MIME type in IIS, but could not solve the problem.

Regards

What’s your domain name?

The problem is it couldn’t reach a given file within /.well-known/acme-challenge/. Can you place a plain text file there, with the file name “test”, and see if you can reach it?

Yes, I tested it. I created the /.well-known/acm-challenge/ path in httpdoc and then put a txt file there. It was reachable.

Can you provide us with the domain name / link to test, please?

The domain is www.bazaryab.com. At this moment I cannot create the path for the test, but you can see that the domain is reachable. The first time we could get a Let’s certificate, but now we cannot renew it.

Currently I get a 404 Not Found even for the .well-known folder.

curl -I https://www.bazaryab.com/.well-known/
HTTP/1.1 404 Not Found

Please let me know when you have created the test file in /.well-known/acme-challenge/test so that I can test that.

OK, I created what you wanted.
You can test the following link:
https://www.bazaryab.com/.well-known/acme-challenge/test.txt

That seems to be working alright. But you’re running IIS right? Can you also put a test file without an extension in that same directory? I.e., without the .txt?

Yes, I use IIS.
I created a test1 file without an extension at that path.

That seems not to be working:

osiris@desktop ~ $ wget http://www.bazaryab.com/.well-known/acme-challenge/test1
--2017-03-05 18:32:16--  http://www.bazaryab.com/.well-known/acme-challenge/test1
Resolving www.bazaryab.com... 91.99.96.210
Connecting to www.bazaryab.com|91.99.96.210|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://www.bazaryab.com/.well-known/acme-challenge/test1 [following]
--2017-03-05 18:32:16--  https://www.bazaryab.com/.well-known/acme-challenge/test1
Connecting to www.bazaryab.com|91.99.96.210|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2017-03-05 18:32:17 ERROR 404: Not Found.

osiris@desktop ~ $ wget http://bazaryab.com/.well-known/acme-challenge/test1
--2017-03-05 18:32:27--  http://bazaryab.com/.well-known/acme-challenge/test1
Resolving bazaryab.com... 91.99.96.210
Connecting to bazaryab.com|91.99.96.210|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://www.bazaryab.com/.well-known/acme-challenge/test1 [following]
--2017-03-05 18:32:27--  http://www.bazaryab.com/.well-known/acme-challenge/test1
Resolving www.bazaryab.com... 91.99.96.210
Reusing existing connection to bazaryab.com:80.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://www.bazaryab.com/.well-known/acme-challenge/test1 [following]
--2017-03-05 18:32:28--  https://www.bazaryab.com/.well-known/acme-challenge/test1
Connecting to www.bazaryab.com|91.99.96.210|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2017-03-05 18:32:29 ERROR 404: Not Found.

osiris@desktop ~ $

So you might want to look into how IIS can serve files without an extension? Although, one might expect a 403 Forbidden error or something like that..

I tried some MIME types but still get the same error.
I tried “.” text/plain or “.” or “.” text/xml or “.” application/octet-stream.
Do you have any idea?

I used “.” text/json and got a new error:

Error: Let’s Encrypt SSL certificate installation failed: Failed letsencrypt execution: Saving debug log to C:\Program Files (x86)\Parallels\Plesk\var\modules\letsencrypt\logs\letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
An unexpected error occurred:
ConnectionError: HTTPSConnectionPool(host='acme-v01.api.letsencrypt.org', port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x02B2F350>: Failed to establish a new connection: [Errno 11002] getaddrinfo failed',))
Please see the logfiles in C:\Program Files (x86)\Parallels\Plesk\var\modules\letsencrypt\logs for more details.

I still get a 404 on your test1 file

curl -I https://www.bazaryab.com/.well-known/acme-challenge/test1
HTTP/1.1 404 Not Found
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 341425
Content-Type: text/html; charset=utf-8
Expires: -1
X-UrlRewriter-404: 404 Rewritten to DNN Tab : خطای صفحه 404(Tabid:45) : Reason Page_404
X-UA-Compatible: IE=edge
Set-Cookie: dnn_IsMobile=False; path=/; HttpOnly
Set-Cookie: language=fa-IR; path=/; HttpOnly
X-Powered-By-Plesk: PleskWin
Date: Sun, 05 Mar 2017 19:39:11 GMT

I cannot find any way to serve an extensionless file. Do you have any idea?
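
The manual checks in this thread (follow the redirects, then look at the final status, the content type and the rewriter header) can be collected into one classifier. This is an added example, not part of any post; the function name, the token, the thumbprint and the sample responses are constructed, with header names modelled on those quoted above.

```python
# Added example: classify what an ACME http-01 validator would receive.
# All sample data is constructed; header names mirror those quoted in the thread.
REDIRECTS = (301, 302, 303, 307, 308)

def diagnose_http01(hops, key_authorization):
    """hops: [(status, headers, body), ...] in the order redirects were followed.
    Returns a list of findings; an empty list means the response would validate."""
    if not hops:
        return ["no HTTP response: check DNS A record and firewall"]
    findings = []
    for status, _, _ in hops[:-1]:
        if status not in REDIRECTS:
            findings.append(f"hop returned {status} but was followed like a redirect")
    status, headers, body = hops[-1]
    headers = {k.lower(): v for k, v in headers.items()}
    if status != 200:
        findings.append(f"final status {status}: challenge file not served")
    # A rewriter header on the final hop means the web application handled the
    # request, so the static file on disk was never consulted.
    if any(name.startswith("x-urlrewriter") for name in headers):
        findings.append("application URL rewriter answered, not the static file handler")
    is_html = headers.get("content-type", "").lower().startswith("text/html")
    if is_html or body.lstrip().lower().startswith("<!doctype"):
        findings.append("body is an HTML page, not the key authorization")
    elif status == 200 and body.rstrip() != key_authorization:
        findings.append("body differs from the expected key authorization")
    return findings

# Constructed samples (placeholder token and thumbprint, not real values).
TOKEN = "constructed-token"
KEY_AUTH = TOKEN + ".constructed-account-thumbprint"
URL = "https://www.example.com/.well-known/acme-challenge/" + TOKEN
FAILING = [
    (301, {"Location": URL}, ""),
    (404, {"Content-Type": "text/html; charset=utf-8",
           "X-UrlRewriter-404": "404 Rewritten to DNN Tab"}, "<!DOCTYPE html PUBLIC ..."),
]
WORKING = [(301, {"Location": URL}, ""),
           (200, {"Content-Type": "text/plain"}, KEY_AUTH + "\n")]

if __name__ == "__main__":
    for name, hops in (("failing", FAILING), ("working", WORKING)):
        print(name, diagnose_http01(hops, KEY_AUTH) or "OK")
```
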
