Getting invalid return after submitting challenge


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
New-ACMEIdentifier -Dns -Alias vpn-crowconsultants-com2

Get-ACMEIdentifier vpn-crowconsultants-com2

Get-ACMEIdentifier vpn-crowconsultants-com2 | select -expand Challenges | select Type

Get-ACMEIdentifier vpn-crowconsultants-com2 | select -expand Combinations

Complete-ACMEChallenge vpn-crowconsultants-com2 -ChallengeType http-01 -Handler iis -HandlerParameters @{ WebSiteRef = 'Default Web Site' }

Submit-ACMEChallenge vpn-crowconsultants-com2 -ChallengeType http-01

Update-ACMEIdentifier vpn-crowconsultants-com2 -ChallengeType http-01
It produced this output:

IdentifierPart : ACMESharp.Messages.IdentifierPart
IdentifierType : dns
Identifier :
Uri :
Status : pending
Expires : 2/19/2019 12:59:23 AM
Challenges : {, , iis}
Combinations : {1, 0, 2}

IdentifierType : dns
Identifier :
Uri :
Status : invalid
Expires : 2/18/2019 9:10:04 PM
Challenges : {, , }
Combinations : {1, 0, 2}

My web server is (include version):

The operating system my web server runs on is (include version):
server 2016 essentials 1203-1755

My hosting provider, if applicable, is:
None. Default IIS webpage. I am setting this up for VPN validation.

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes. I am using PSVersion 5.1.14393.2636
PSEdition Desktop

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

I am using the acme-sharp ps modules for this

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

This is my first time using a Let's Encrypt cert. I normally just buy them for domains. Then I validate them using either a txt file or mail to my admin email.

I am attempting to get a cert here mainly for my VPN connections. I am going to direct all my traffic through this subdomain off of my main site.

My main site is hosted by Google. I am redirecting a subdomain to my home server.

I have forwarded ports 80, 8080, and 443. They are open and tested.
I have also created a CNAME alias inside my LAN (DNS on server) that points the domain on my cert to my local server, both in my reverse lookup zone and standard. A standard Google search gets to my IIS default web page, both in and out of the LAN.

I made sure to add the -useclobber flag when installing the IIS provider. ACME server vault was initialized. I was following the quickstart guide on the GitHub page for the ACMESharp modules step by step.

IIS shows as a handler.
Get-ACMEIdentifier vpn-crowconsultants-com2 | select -expand Challenges | select Type



I am quite puzzled as to why this isn’t working.
I made multiple attempts and kept failing the challenge.
Any help is appreciated.


As soon as I posted this and ran through everything again it all worked just fine.

I think it just wanted me to admit it could do something and I couldn’t see what it did. I am even stepping through this in the ISE, so it wasn’t a misspelling.

Thanks for reading
