Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:adfs.banovallumschool.co.uk
I ran this command:Get certificate process started using GetCert2.exe
It produced this output:
2020-08-28 01:45:09:569 PM
2020-08-28 01:45:09:632 PM Get certificate process started ā¦
2020-08-28 01:45:10:210 PM
2020-08-28 01:45:10:257 PM ( staging mode is in effect (-DoStagingTests=True) )
2020-08-28 01:45:10:335 PM
2020-08-28 01:45:10:476 PM
2020-08-28 01:45:10:601 PM Retrieving new certificate for āadfs.banovallumschool.co.ukā from the certificate provider network ā¦
2020-08-28 01:45:10:694 PM
2020-08-28 01:45:10:772 PM
2020-08-28 01:45:10:897 PM Stage 1 - init ACME workspace ā¦
2020-08-28 01:45:11:007 PM
2020-08-28 01:45:13:948 PM Id Name ComputerName ComputerType State ConfigurationName Availability
2020-08-28 01:45:13:963 PM ā ---- ------------ ------------ ----- ----------------- ------------
2020-08-28 01:45:13:979 PM 1 GetCert localhost RemoteMachine Opened Microsoft.PowerShell Available
2020-08-28 01:45:14:088 PM
2020-08-28 01:45:14:198 PM Using Module āC:\GetCert2\ACME-PSā
$global:state = New-ACMEState -Path āC:\GetCert2\AcmeStateā
Get-ACMEServiceDirectory $global:state -ServiceName āLetsEncrypt-Stagingā -PassThru
2020-08-28 01:45:20:794 PM PSComputerName : localhost
2020-08-28 01:45:20:794 PM RunspaceId : 3d9c27d8-a479-4c38-b4e3-eeff7cff7431
2020-08-28 01:45:20:809 PM ResourceUrl : https://acme-staging-v02.api.letsencrypt.org/directory
2020-08-28 01:45:20:809 PM NewAccount : https://acme-staging-v02.api.letsencrypt.org/acme/new-acct
2020-08-28 01:45:20:809 PM NewAuthz :
2020-08-28 01:45:20:809 PM NewNonce : https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce
2020-08-28 01:45:20:809 PM NewOrder : https://acme-staging-v02.api.letsencrypt.org/acme/new-order
2020-08-28 01:45:20:825 PM KeyChange : https://acme-staging-v02.api.letsencrypt.org/acme/key-change
2020-08-28 01:45:20:825 PM RevokeCert : https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert
2020-08-28 01:45:20:825 PM Meta : AcmeDirectoryMeta
2020-08-28 01:45:20:825 PM local computer.
2020-08-28 01:45:21:169 PM Success.
2020-08-28 01:45:21:325 PM
2020-08-28 01:45:21:419 PM
2020-08-28 01:45:21:544 PM Stage 2 - register domain contact, submit order & authorization request ā¦
2020-08-28 01:45:21:763 PM
2020-08-28 01:45:21:919 PM Using Module āC:\GetCert2\ACME-PSā
New-ACMENonce $global:state
New-ACMEAccountKey $global:state -PassThru
New-ACMEAccount $global:state -EmailAddresses āataylor@banovallumschool.co.ukā -AcceptTOS
$SanList = (āadfs.banovallumschool.co.ukā)
[AcmeIdentifier] $identifiers = $null
foreach ($SAN in $SanList) { $identifiers += New-ACMEIdentifier $SAN }
$global:order = New-ACMEOrder $global:state -Identifiers $identifiers
$global:authZ = Get-ACMEAuthorization -State $global:state -Order $global:order
[int] $global:SanMap = $null
foreach ($SAN in $SanList) { for ($i=0; $i -lt $global:authZ.Length; $i++) { if ( $global:authZ[$i].Identifier.value -eq $SAN ) { $global:SanMap += $i }}}
2020-08-28 01:45:24:550 PM PSComputerName : localhost
2020-08-28 01:45:24:565 PM RunspaceId : 3d9c27d8-a479-4c38-b4e3-eeff7cff7431
2020-08-28 01:45:24:565 PM RSA : System.Security.Cryptography.RSACng
2020-08-28 01:45:24:565 PM HashSize : 256
2020-08-28 01:45:24:565 PM HashName : SHA256
2020-08-28 01:45:27:170 PM local computer.
2020-08-28 01:45:27:263 PM Success.
2020-08-28 01:45:27:357 PM
2020-08-28 01:45:27:498 PM
2020-08-28 01:45:27:591 PM Stage 3 - Define DNS name to be challenged (āadfs.banovallumschool.co.ukā), setup domain challenge in IIS and submit it to certificate provider ā¦
2020-08-28 01:45:27:716 PM
2020-08-28 01:45:28:170 PM
2020-08-28 01:45:28:263 PM Adjusting āC:\inetpub\wwwroot.well-known\acme-challenge\web.configā ā¦
2020-08-28 01:45:28:420 PM
2020-08-28 01:45:28:498 PM Using Module āC:\GetCert2\ACME-PSā
$challenge = Get-ACMEChallenge $global:state $global:authZ[$global:SanMap[0]] āhttp-01ā
$challengePath = āC:\inetpub\wwwroot.well-known\acme-challengeā
$fileName = $challengePath + ā/ā + $challenge.Data.Filename
if(-not (Test-Path $challengePath)) { New-Item -Path $challengePath -ItemType Directory }
Set-Content -Path $fileName -Value $challenge.Data.Content -NoNewLine
$challenge.Data.AbsoluteUrl
$challenge | Complete-ACMEChallenge $global:state
2020-08-28 01:45:29:598 PM adfs.banovallumschool.co.uk/.well-known/acme-challenge/z4TgJcXLQ1IJAFl0uxWpWNIZBQPf14AflTVSdbNbmG4
2020-08-28 01:45:29:864 PM PSComputerName : localhost
2020-08-28 01:45:29:879 PM RunspaceId : 3d9c27d8-a479-4c38-b4e3-eeff7cff7431
2020-08-28 01:45:29:879 PM Type :
2020-08-28 01:45:29:895 PM Url :
2020-08-28 01:45:29:895 PM Token :
2020-08-28 01:45:29:910 PM Identifier : dns:adfs.banovallumschool.co.uk
2020-08-28 01:45:29:910 PM Data :
2020-08-28 01:45:29:926 PM local computer.
2020-08-28 01:45:30:270 PM Success.
2020-08-28 01:45:35:385 PM
2020-08-28 01:45:35:432 PM
2020-08-28 01:45:35:510 PM Stage 4 - update challenge from certificate provider ā¦
2020-08-28 01:45:35:635 PM
2020-08-28 01:45:35:744 PM Using Module āC:\GetCert2\ACME-PSā
$global:order | Update-ACMEOrder $global:state -PassThru
2020-08-28 01:45:37:793 PM PSComputerName : localhost
2020-08-28 01:45:37:793 PM RunspaceId : 3d9c27d8-a479-4c38-b4e3-eeff7cff7431
2020-08-28 01:45:37:808 PM ResourceUrl : https://acme-staging-v02.api.letsencrypt.org/acme/order/15368644/138591949
2020-08-28 01:45:37:808 PM Status : invalid
2020-08-28 01:45:37:808 PM Expires : 2020-09-04T12:45:25Z
2020-08-28 01:45:37:808 PM NotBefore :
2020-08-28 01:45:37:824 PM NotAfter :
2020-08-28 01:45:37:824 PM Identifiers : {dns:adfs.banovallumschool.co.uk}
2020-08-28 01:45:37:824 PM AuthorizationUrls : {https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/101275667}
2020-08-28 01:45:37:839 PM FinalizeUrl : https://acme-staging-v02.api.letsencrypt.org/acme/finalize/15368644/138591949
2020-08-28 01:45:37:839 PM CertificateUrl :
2020-08-28 01:45:37:839 PM CSROptions : AcmeCsrOptions
2020-08-28 01:45:37:839 PM local computer.
2020-08-28 01:45:37:918 PM Success.
2020-08-28 01:45:38:058 PM
2020-08-28 01:45:38:230 PM
2020-08-28 01:45:38:339 PM Stage 5 - generate certificate request and submit ā¦
2020-08-28 01:45:38:480 PM
2020-08-28 01:45:38:636 PM Using Module āC:\GetCert2\ACME-PSā
$global:certKey = New-ACMECertificateKey -Path āC:\GetCert2\AcmeState\cert.key.xmlā
Complete-ACMEOrder $global:state -Order $global:order
2020-08-28 01:45:41:655 PM Server returned problem (Status: 403).
2020-08-28 01:45:41:655 PM @{type=urn:ietf:params:acme:error:orderNotReady; detail=Orderās status (āinvalidā) is not acceptable for finalization;
2020-08-28 01:45:41:671 PM status=403}
2020-08-28 01:45:41:671 PM At C:\GetCert2\InGetCertSession.ps1:14 char:5
2020-08-28 01:45:41:671 PM + Invoke-Command -Session $GetCertSession -ScriptBlock { & $args[0] ā¦
2020-08-28 01:45:41:671 PM + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2020-08-28 01:45:41:686 PM + CategoryInfo : OperationStopped: (Server returnedā¦on; status=403}:String) , RuntimeException
2020-08-28 01:45:41:686 PM + FullyQualifiedErrorId : Server returned problem (Status: 403).
2020-08-28 01:45:41:686 PM @{type=urn:ietf:params:acme:error:orderNotReady; detail=Orderās status (āinvalidā) is not acceptable for finalizat
2020-08-28 01:45:41:686 PM ion; status=403}
2020-08-28 01:45:41:702 PM
2020-08-28 01:45:41:842 PM GetCertServiceFault: The sub-process experienced a critical failure.
2020-08-28 01:45:41:952 PM
2020-08-28 01:45:43:624 PM
2020-08-28 01:45:43:749 PM At least one stage failed (or the process was stopped). Check log for errors.
My web server is (include version):IIS IIS v10.0.14393.0
The operating system my web server runs on is (include version):Win Serv 2016 v1607
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I donāt know):YES
Iām using a control panel to manage my site (no, or provide the name and version of the control panel):NO
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if youāre using Certbot): GetCert2 v2.211
Iām not sure what has changed because we renewed the certificate 2 months ago fine but we were using letsencrypt.exe but was told that is now deprecated, so I tried with GetCert2.exe with the failure above.
Any Help gratefully received.
Thanks
Doug