Getting invalid return after submitting challenge

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
vpn.crowconsultants.com

I ran this command:
New-ACMEIdentifier -Dns vpn.crowconsultants.com -Alias vpn-crowconsultants-com2

Get-ACMEIdentifier vpn-crowconsultants-com2

Get-ACMEIdentifier vpn-crowconsultants-com2 | select -expand Challenges | select Type

Get-ACMEIdentifier vpn-crowconsultants-com2 | select -expand Combinations

Complete-ACMEChallenge vpn-crowconsultants-com2 -ChallengeType http-01 -Handler iis -HandlerParameters @{ WebSiteRef = 'Default Web Site' }

Submit-ACMEChallenge vpn-crowconsultants-com2 -ChallengeType http-01

Update-ACMEIdentifier vpn-crowconsultants-com2 -ChallengeType http-01

It produced this output:

IdentifierPart : ACMESharp.Messages.IdentifierPart
IdentifierType : dns
Identifier : vpn.crowconsultants.com
Uri : https://acme-v01.api.letsencrypt.org/acme/authz/4h4JV9VCiCWyCcgaYKrUVaCVl9yStlo9BP5_7maSW2M
Status : pending
Expires : 2/19/2019 12:59:23 AM
Challenges : {, , iis}
Combinations : {1, 0, 2}

ACMESharp.Messages.IdentifierPart
IdentifierType : dns
Identifier : vpn.crowconsultants.com
Uri : https://acme-v01.api.letsencrypt.org/acme/authz/mobwmo-myWyNHX7eDilt9cf_OKda-CmVOwON6W1cClw
Status : invalid
Expires : 2/18/2019 9:10:04 PM
Challenges : {, , }
Combinations : {1, 0, 2}

My web server is (include version):
IIS

The operating system my web server runs on is (include version):
Server 2016 Essentials 1203-1755

My hosting provider, if applicable, is:
None; default IIS webpage. I am setting this up for VPN validation.

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes. I am using PSVersion 5.1.14393.2636
PSEdition Desktop

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

I am using the acme-sharp PS modules for this.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

This is my first time using a Let's Encrypt cert. I normally just buy them for domains. Then I validate them using either a txt file or mail to my admin email.

I am attempting to get a cert here mainly for my VPN connections. I am going to direct all my traffic through this subdomain off of my main site.

My main site is hosted by Google. I am redirecting a subdomain to my home server.

I have forwarded ports 80, 8080, and 443. They are open and tested.
I have also created a CNAME alias inside my LAN (DNS on server) that points the domain on my cert to my local server, both in my reverse lookup zone and standard. A standard Google search gets to my IIS default web page, both in and out of the LAN.

I made sure to add the -useclobber flag when installing the IIS provider. Acme server vault was initialized. I was following the quickstart guide on the GitHub page for the ACMESharp modules step by step.

IIS shows as a handler.
Get-ACMEIdentifier vpn-crowconsultants-com2 | select -expand Challenges | select Type

Type

tls-alpn-01
dns-01
http-01

I am quite puzzled as to why this isn’t working.
I made multiple attempts and kept failing the challenge.
Any help is appreciated.

As soon as I posted this and ran through everything again it all worked just fine.

I think it just wanted me to admit it could do something and I couldn't see what it did. I am even stepping through this in the ISE, so it wasn't a misspelling.

Thanks for reading.
