Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
vpn.crowconsultants.com
I ran this command:
New-ACMEIdentifier -Dns vpn.crowconsultants.com -Alias vpn-crowconsultants-com2
Get-ACMEIdentifier vpn-crowconsultants-com2
Get-ACMEIdentifier vpn-crowconsultants-com2 | select -expand Challenges | select Type
Get-ACMEIdentifier vpn-crowconsultants-com2 | select -expand Combinations
Complete-ACMEChallenge vpn-crowconsultants-com2 -ChallengeType http-01 -Handler iis -HandlerParameters @{ WebSiteRef = 'Default Web Site' }
Submit-ACMEChallenge vpn-crowconsultants-com2 -ChallengeType http-01
Update-ACMEIdentifier vpn-crowconsultants-com2 -ChallengeType http-01
It produced this output:
IdentifierPart : ACMESharp.Messages.IdentifierPart
IdentifierType : dns
Identifier : vpn.crowconsultants.com
Uri : https://acme-v01.api.letsencrypt.org/acme/authz/4h4JV9VCiCWyCcgaYKrUVaCVl9y
Stlo9BP5_7maSW2M
Status : pending
Expires : 2/19/2019 12:59:23 AM
Challenges : {, , iis}
Combinations : {1, 0, 2}
ACMESharp.Messages.IdentifierPart
IdentifierType : dns
Identifier : vpn.crowconsultants.com
Uri : https://acme-v01.api.letsencrypt.org/acme/authz/mobwmo-myWyNHX7eDilt9cf_OKd
a-CmVOwON6W1cClw
Status : invalid
Expires : 2/18/2019 9:10:04 PM
Challenges : {, , }
Combinations : {1, 0, 2}
My web server is (include version):
IIS
The operating system my web server runs on is (include version):
Server 2016 Essentials 1203-1755
My hosting provider, if applicable, is:
None. Default IIS web page. I am setting this up for VPN validation.
I can login to a root shell on my machine (yes or no, or I don’t know):
Yes. I am using PSVersion 5.1.14393.2636
PSEdition Desktop
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
I am using the acme-sharp PS modules for this.
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
This is my first time using a Let’s Encrypt cert. I normally just buy them for domains, then I validate them using either a txt file or mail to my admin email.
I am attempting to get a cert here mainly for my VPN connections. I am going to direct all my traffic through this subdomain off of my main site.
My main site is hosted by Google. I am redirecting a subdomain to my home server.
I have forwarded ports 80, 8080, and 443. They are open and tested.
I have also created a CNAME alias inside my LAN (DNS on server) that points the domain on my cert to my local server, both in my reverse lookup zone and standard. A standard Google search gets to my IIS default web page, both in and out of the LAN.
I made sure to add the -useclobber flag when installing the IIS provider. The ACME server vault was initialized. I was following the quickstart guide on the GitHub page for the ACMESharp modules step by step.
IIS shows as a handler.
Get-ACMEIdentifier vpn-crowconsultants-com2 | select -expand Challenges | select Type
Type
tls-alpn-01
dns-01
http-01
I am quite puzzled as to why this isn’t working.
I made multiple attempts and kept failing the challenge.
Any help is appreciated.