Get an Error when try to renew a Certificate

m.samadzadegan · March 3, 2017, 7:14am

Hello,
I have a windows server 2012 R2 with plesk on it. when i try to renew my website certificate, get following error:

Error: Let's Encrypt SSL certificate installation failed: Failed letsencrypt execution: Saving debug log to

C:\Program Files (x86)\Parallels\Plesk\var\modules\letsencrypt\logs\letsencrypt.log

Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org

Obtaining a new certificate

Performing the following challenges:

http-01 challenge for example.com

Starting new HTTPS connection (1): 127.0.0.1

Waiting for verification…

Cleaning up challenges

Failed authorization procedure. example.com (http-01): urn:acme:error:unauthorized :: The

client lacks sufficient authorization :: Invalid response from http://example.com/.well-

known/acme-challenge/- 4w2EGbMnsRGaqjgaZNXvOcj31WUTmDjUCIzhROS63o:

"<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http"

IMPORTANT NOTES:

The following errors were reported by the server:

Domain: example.com

Type: unauthorized

Detail: Invalid response from

http://example.com/.well-known/acme- challenge/-

4w2EGbMnsRGaqjgaZNXvOcj31WUTmDjUCIzhROS63o:

"<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http"

To fix these errors, please make sure that your domain name was

entered correctly and the DNS A record(s) for that domain

contain(s) the right IP address.

I check DNS record, firewall and “.” MIME type in iis, but can not solve the problem.

Regards

serverco · March 3, 2017, 8:25am

What’s your domain name ?

The problem is it couldn’t reach a given file within /.well-known/acme-challenge/ can you place a plain text file there, with the file name “test” and see if you can reach it ?

m.samadzadegan · March 3, 2017, 8:33am

yes i test it, i create /.well-known/acm-challenge/ path in httpdoc and then put there a txt file. it was reachable.

serverco · March 3, 2017, 8:34am

Can you provide us with the domain name / link to test plese

m.samadzadegan · March 3, 2017, 8:36am

the domain is www.bazaryab.com , at this moment can not create path for test, but you can see that domain is reachable and for first time we could get Let’s certificate but now we can not renew it

serverco · March 3, 2017, 8:42am

currently I get a 404 not found for even the .well-known folder.

curl -I https://www.bazaryab.com/.well-known/
HTTP/1.1 404 Not Found

Please let me know when you have created the test file in /.well-known/acme-challenge/test so that I can test that

m.samadzadegan · March 5, 2017, 5:24pm

ok , i create that you want.
you test following link
https://www.bazaryab.com/.well-known/acme-challenge/test.txt

Osiris · March 5, 2017, 5:27pm

That seems to be working alright. But you’re running IIS right? Can you also put a test file without an extension in that same directory? I.e., without the .txt?

m.samadzadegan · March 5, 2017, 5:31pm

yes i use iis
i create a test1 file without extention on that path.

Osiris · March 5, 2017, 5:34pm

That seems not to be working:

osiris@desktop ~ $ wget http://www.bazaryab.com/.well-known/acme-challenge/test1
--2017-03-05 18:32:16--  http://www.bazaryab.com/.well-known/acme-challenge/test1
Resolving www.bazaryab.com... 91.99.96.210
Connecting to www.bazaryab.com|91.99.96.210|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://www.bazaryab.com/.well-known/acme-challenge/test1 [following]
--2017-03-05 18:32:16--  https://www.bazaryab.com/.well-known/acme-challenge/test1
Connecting to www.bazaryab.com|91.99.96.210|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2017-03-05 18:32:17 ERROR 404: Not Found.

osiris@desktop ~ $ wget http://bazaryab.com/.well-known/acme-challenge/test1
--2017-03-05 18:32:27--  http://bazaryab.com/.well-known/acme-challenge/test1
Resolving bazaryab.com... 91.99.96.210
Connecting to bazaryab.com|91.99.96.210|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: http://www.bazaryab.com/.well-known/acme-challenge/test1 [following]
--2017-03-05 18:32:27--  http://www.bazaryab.com/.well-known/acme-challenge/test1
Resolving www.bazaryab.com... 91.99.96.210
Reusing existing connection to bazaryab.com:80.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://www.bazaryab.com/.well-known/acme-challenge/test1 [following]
--2017-03-05 18:32:28--  https://www.bazaryab.com/.well-known/acme-challenge/test1
Connecting to www.bazaryab.com|91.99.96.210|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2017-03-05 18:32:29 ERROR 404: Not Found.

osiris@desktop ~ $

So you might want to look into how IIS can serve files without an extension? Although, one might expect a 403 Forbidden error or something like that..

m.samadzadegan · March 5, 2017, 5:57pm

i try some mim type but steel same error,
I try “.” text/plain or “.” or “.” text/xml or “.” application/octet-stream
do you have any idea?

m.samadzadegan · March 5, 2017, 6:03pm

i use “.” text/json and get new error:

Error: Let’s Encrypt SSL certificate installation failed: Failed letsencrypt execution: Saving debug log to C:\Program Files (x86)\Parallels\Plesk\var\modules\letsencrypt\logs\letsencrypt.log
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
An unexpected error occurred:
ConnectionError: HTTPSConnectionPool(host=‘acme-v01.api.letsencrypt.org’, port=443): Max retries exceeded with url: /directory (Caused by NewConnectionError(’<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x02B2F350>: Failed to establish a new connection: [Errno 11002] getaddrinfo failed’,))
Please see the logfiles in C:\Program Files (x86)\Parallels\Plesk\var\modules\letsencrypt\logs for more details.

serverco · March 5, 2017, 7:40pm

I still get a 404 on your test1 file

curl -I https://www.bazaryab.com/.well-known/acme-challenge/test1
HTTP/1.1 404 Not Found
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 341425
Content-Type: text/html; charset=utf-8
Expires: -1
X-UrlRewriter-404: 404 Rewritten to DNN Tab : خطای صفحه 404(Tabid:45) : Reason Page_404
X-UA-Compatible: IE=edge
Set-Cookie: dnn_IsMobile=False; path=/; HttpOnly
Set-Cookie: language=fa-IR; path=/; HttpOnly
X-Powered-By-Plesk: PleskWin
Date: Sun, 05 Mar 2017 19:39:11 GMT

m.samadzadegan · March 10, 2017, 7:25pm

I can not find any way to serve and extensionless file, do you have any idea?

system · April 9, 2017, 7:25pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certificate renewal failure Help	8	763	February 27, 2020
Error unauthorized - Failed authorization procedure Server	2	1631	April 14, 2017
Error: Could not issue a Let's Encrypt SSL/TLS certificate Help	3	4012	February 9, 2018
Plesk Server + letsencrypt + renew Help	2	1426	April 11, 2017
Could not renew (403 error) fora server without an actual web site Issuance Tech	2	1359	November 29, 2017

Get an Error when try to renew a Certificate

Hello, I have a windows server 2012 R2 with plesk on it. when i try to renew my website certificate, get following error:

Related topics

Hello,
I have a windows server 2012 R2 with plesk on it. when i try to renew my website certificate, get following error: