Help setting up on Windows 10 with Caddy From IIS

My cert with IIS has expired and I am trying to use Caddy, but I can’t seem to verify anything. I was wondering if there was a way to revoke and remove any traces of old cert on my computer and get a fresh cert using Caddy? Sorry, I’m not good with networking; I followed win-acme before using IIS.

My domain is: hyndraslic.com

I ran this command: caddy.exe -host hyndraslic.com

It produced this output:
Activating privacy features… 2020/07/10 00:12:09 [INFO] [hyndraslic.com] acme: Obtaining bundled SAN certificate
2020/07/10 00:12:10 [INFO] [hyndraslic.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5781908047
2020/07/10 00:12:10 [INFO] [hyndraslic.com] acme: use tls-alpn-01 solver
2020/07/10 00:12:10 [INFO] [hyndraslic.com] acme: Trying to solve TLS-ALPN-01
2020/07/10 00:12:18 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5781908047
2020/07/10 00:12:18 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5781908047
2020/07/10 00:12:19 [INFO] [hyndraslic.com] acme: Obtaining bundled SAN certificate
2020/07/10 00:12:19 [INFO] [hyndraslic.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5781910904
2020/07/10 00:12:19 [INFO] [hyndraslic.com] acme: use tls-alpn-01 solver
2020/07/10 00:12:19 [INFO] [hyndraslic.com] acme: Trying to solve TLS-ALPN-01
2020/07/10 00:12:23 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5781910904
2020/07/10 00:12:23 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5781910904
2020/07/10 00:12:24 [INFO] [hyndraslic.com] acme: Obtaining bundled SAN certificate
2020/07/10 00:12:24 [INFO] [hyndraslic.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5781912329
2020/07/10 00:12:24 [INFO] [hyndraslic.com] acme: use tls-alpn-01 solver
2020/07/10 00:12:24 [INFO] [hyndraslic.com] acme: Trying to solve TLS-ALPN-01
2020/07/10 00:12:28 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5781912329
2020/07/10 00:12:28 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5781912329
2020/07/10 00:12:29 [INFO] [hyndraslic.com] acme: Obtaining bundled SAN certificate
2020/07/10 00:12:30 [INFO] [hyndraslic.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5781913748
2020/07/10 00:12:30 [INFO] [hyndraslic.com] acme: Could not find solver for: tls-alpn-01
2020/07/10 00:12:30 [INFO] [hyndraslic.com] acme: use http-01 solver
2020/07/10 00:12:30 [INFO] [hyndraslic.com] acme: Trying to solve HTTP-01
2020/07/10 00:12:38 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5781913748
2020/07/10 00:12:38 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5781913748
2020/07/10 00:12:39 [INFO] [hyndraslic.com] acme: Obtaining bundled SAN certificate
2020/07/10 00:12:39 [INFO] [hyndraslic.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5781916292
2020/07/10 00:12:39 [INFO] [hyndraslic.com] acme: Could not find solver for: tls-alpn-01
2020/07/10 00:12:39 [INFO] [hyndraslic.com] acme: use http-01 solver
2020/07/10 00:12:39 [INFO] [hyndraslic.com] acme: Trying to solve HTTP-01
2020/07/10 00:12:45 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5781916292
2020/07/10 00:12:45 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5781916292
2020/07/10 00:12:46 [INFO] [hyndraslic.com] acme: Obtaining bundled SAN certificate
2020/07/10 00:12:47 failed to obtain certificate: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/, url:

My web server is (include version): Caddy 2.1.1

The operating system my web server runs on is (include version): Windows 10

My hosting provider, if applicable, is

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

Wait one hour, that’s how long the failed authorizations are remembered.

There is a Failed Validation limit of 5 failures per account, per hostname, per hour. This limit is higher on our staging environment, so you can use that environment to debug connectivity problems. Exceeding the Failed Validations limit is reported with the error message "too many failed authorizations recently".

I’m guessing it’s going to keep happening every hour; that’s why I wanted to see if there was a solution.

Right, but when you’re not rate limited any longer, we would be able to see what the real reason/error behind the failure to obtain the certificate is (instead of just seeing the rate limit error).

Are you stopping IIS when you run Caddy? I am a little puzzled how you plan to combine the two.

Caddy is a webserver - a replacement or frontend proxy for IIS. If you’re running IIS and try to also run Caddy at the same time on the same port, it’s not going to work. Only one of them can serve traffic on port 80 at one time.

I tried it again and IIS and its services are stopped. It’s been longer than an hour; I get the error below.

Microsoft Windows [Version 10.0.18363.900]
© 2019 Microsoft Corporation. All rights reserved.

C:\Windows\system32>C:\Caddy\caddy.exe -host hyndraslic.com
Activating privacy features… 2020/07/10 02:03:35 [INFO] [hyndraslic.com] acme: Obtaining bundled SAN certificate
2020/07/10 02:03:36 [INFO] [hyndraslic.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5783598172
2020/07/10 02:03:36 [INFO] [hyndraslic.com] acme: use tls-alpn-01 solver
2020/07/10 02:03:36 [INFO] [hyndraslic.com] acme: Trying to solve TLS-ALPN-01
2020/07/10 02:03:48 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5783598172
2020/07/10 02:03:48 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5783598172
2020/07/10 02:03:49 [INFO] [hyndraslic.com] acme: Obtaining bundled SAN certificate
2020/07/10 02:03:50 [INFO] [hyndraslic.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5783601772
2020/07/10 02:03:50 [INFO] [hyndraslic.com] acme: use tls-alpn-01 solver
2020/07/10 02:03:50 [INFO] [hyndraslic.com] acme: Trying to solve TLS-ALPN-01
2020/07/10 02:04:05 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5783601772
2020/07/10 02:04:05 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5783601772
2020/07/10 02:04:06 [INFO] [hyndraslic.com] acme: Obtaining bundled SAN certificate
2020/07/10 02:04:07 [INFO] [hyndraslic.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5783606879
2020/07/10 02:04:07 [INFO] [hyndraslic.com] acme: use tls-alpn-01 solver
2020/07/10 02:04:07 [INFO] [hyndraslic.com] acme: Trying to solve TLS-ALPN-01
2020/07/10 02:04:24 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5783606879
2020/07/10 02:04:24 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5783606879
2020/07/10 02:04:25 [INFO] [hyndraslic.com] acme: Obtaining bundled SAN certificate
2020/07/10 02:04:26 [INFO] [hyndraslic.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5783612867
2020/07/10 02:04:26 [INFO] [hyndraslic.com] acme: Could not find solver for: tls-alpn-01
2020/07/10 02:04:26 [INFO] [hyndraslic.com] acme: use http-01 solver
2020/07/10 02:04:26 [INFO] [hyndraslic.com] acme: Trying to solve HTTP-01
2020/07/10 02:04:43 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5783612867
2020/07/10 02:04:44 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5783612867
2020/07/10 02:04:45 [INFO] [hyndraslic.com] acme: Obtaining bundled SAN certificate
2020/07/10 02:04:45 [INFO] [hyndraslic.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5783618017
2020/07/10 02:04:45 [INFO] [hyndraslic.com] acme: Could not find solver for: tls-alpn-01
2020/07/10 02:04:45 [INFO] [hyndraslic.com] acme: use http-01 solver
2020/07/10 02:04:45 [INFO] [hyndraslic.com] acme: Trying to solve HTTP-01
2020/07/10 02:05:09 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5783618017
2020/07/10 02:05:10 [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5783618017
2020/07/10 02:05:11 [INFO] [hyndraslic.com] acme: Obtaining bundled SAN certificate
2020/07/10 02:05:12 failed to obtain certificate: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/, url:

Oh, I see. Caddy itself is causing the rate limit to be exceeded by trying again in rapid succession. Sorry, I did not interpret the log right the first time.

For now, to avoid the rate limiting issue, you could set this in your Caddyfile under the tls section:

ca https://acme-staging-v02.api.letsencrypt.org/directory

That way you don’t have to wait an hour between tries.

Second thing I would try would be to open port 443 on your firewall. It looks like Caddy is unable to get your certificate using TLS-ALPN because that port times out.

Port 80 seems to time out at the moment as well. I don’t know if you’ve closed it intentionally.

I don’t know why Caddy failed to get a certificate via HTTP/port 80. In the authorization (https://acme-v02.api.letsencrypt.org/acme/authz-v3/5781913748) it looks like it got a response, but I can’t tell which webserver it was from based on the few bytes that are visible there.
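The rate-limit reasoning in this thread, as an added example that is not part of the original posts: a Python sketch that counts failed validations per hostname in Caddy output of the format shown above and estimates when a retry stops hitting the limit of 5 per hour. The sample log is constructed (example.com and the authorization URLs are placeholders), and both the sliding one-hour window and the reading of "Trying to solve" followed by "Deactivating auth" as one failed validation are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

LIMIT = 5                      # failed validations per account, per hostname, per hour
WINDOW = timedelta(hours=1)    # assumption: treated here as a sliding one-hour window

STAMP = re.compile(r"\d{4}/\d\d/\d\d \d\d:\d\d:\d\d")
TRY = re.compile(r"\[([^\]]+)\] acme: Trying to solve (\S+)")

# Constructed sample in the format of the output above; example.com and the
# authorization URLs are placeholders.
_ATTEMPTS = [("10", "18", "TLS-ALPN-01"), ("19", "23", "TLS-ALPN-01"),
             ("24", "28", "TLS-ALPN-01"), ("30", "38", "HTTP-01"),
             ("39", "45", "HTTP-01")]
SAMPLE_LOG = "".join(
    f"2020/07/10 00:12:{a} [INFO] [example.com] acme: Trying to solve {c}\n"
    f"2020/07/10 00:12:{b} [INFO] Deactivating auth: https://acme.invalid/authz/{i}\n"
    for i, (a, b, c) in enumerate(_ATTEMPTS)
) + ("2020/07/10 00:12:47 failed to obtain certificate: acme: error: 429 :: "
     "urn:ietf:params:acme:error:rateLimited :: too many failed authorizations recently\n")


def analyse(log_text):
    """Count failed validations per hostname and estimate when a retry is useful."""
    failures, pending, limited_at = {}, None, None
    for line in log_text.splitlines():
        stamp = STAMP.search(line)
        if not stamp:
            continue
        ts = datetime.strptime(stamp.group(), "%Y/%m/%d %H:%M:%S")
        attempt = TRY.search(line)
        if attempt:                                   # a challenge attempt starts
            pending = attempt.groups()                # (hostname, challenge type)
        elif "Deactivating auth:" in line and pending:
            # Assumption: an attempt followed by a deactivation is a failed validation.
            failures.setdefault(pending[0], []).append((ts, pending[1]))
            pending = None
        elif "rateLimited" in line:
            limited_at = ts
    report = {}
    for host, events in failures.items():
        ref = limited_at or events[-1][0]             # point in time the window ends at
        recent = [e for e in events if ref - e[0] < WINDOW]
        report[host] = {
            "failed": len(recent),
            "by_challenge": dict(Counter(c for _, c in recent)),
            "rate_limited": limited_at is not None,
            # Time at which fewer than LIMIT failures remain inside the window.
            "retry_after": recent[-LIMIT][0] + WINDOW if len(recent) >= LIMIT else None,
        }
    return report
```

On the sample, as in both runs posted above, a single invocation makes five failed attempts within one minute, so one run is enough to reach the hourly limit on the production endpoint.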
