How to get started using ACME and Let's Encrypt


#1

What is the best ACME plugin/software for Windows Server 2012 R2 + Windows Server 2016 using IIS/SSH? Hosting the website internally (outside the domain) using DNN. Looking to have Let's Encrypt hand out certs.

With Shell Access
We recommend that most people with shell access use the Certbot ACME client. It can automate certificate issuance and installation with no downtime. It also has expert modes for people who don’t want autoconfiguration. It’s easy to use, works on many operating systems, and has great documentation. Visit the Certbot site to get customized instructions for your operating system and web server.

If Certbot does not meet your needs, or you’d like to try something else, there are many more ACME clients to choose from. Once you’ve chosen ACME client software, see the documentation for that client to proceed.

Thanks in Advance


#2

Hi,

For a Windows ACME client, you could try this client…
https://certifytheweb.com

A list of compatible clients is here:

Thank you


#3

Thanks Steven, I found and downloaded certifytheweb, tried requesting a cert, and received an error.

Have you seen this before? (Background: I’m not a web person but have been “Voluntold” for this project, lol.)

2018-07-11 08:25:52.365 -04:00 [INF] Performing Config Tests
2018-07-11 08:25:53.979 -04:00 [INF] Beginning Certificate Request Process: gha
2018-07-11 08:25:53.979 -04:00 [INF] Registering Domain Identifiers
2018-07-11 08:25:53.979 -04:00 [INF] Attempting Domain Validation: www.gha.org
2018-07-11 08:25:53.980 -04:00 [INF] Registering and Validating www.gha.org
2018-07-11 08:25:55.633 -04:00 [INF] Performing Challenge Response via IIS: www.gha.org
2018-07-11 08:25:56.317 -04:00 [INF] Requesting Validation from Let’s Encrypt: www.gha.org
2018-07-11 08:25:57.470 -04:00 [INF] Domain validation failed: www.gha.org [type, urn:acme:error:unauthorized] [detail, Invalid response from http://www.gha.org/.well-known/acme-challenge/CVAEyn4MXxjBlA7ZsD6pUN0YCPxWRhO3BLrl55p5zHw: " 404 Not Found Not Found <p"] [status, 403]
2018-07-11 08:25:59.183 -04:00 [INF] Validation of the required challenges did not complete successfully. Domain validation failed: www.gha.org [type, urn:acme:error:unauthorized] [detail, Invalid response from http://www.gha.org/.well-known/acme-challenge/CVAEyn4MXxjBlA7ZsD6pUN0YCPxWRhO3BLrl55p5zHw: " 404 Not Found Not Found <p"] [status, 403]
2018-07-11 08:25:59.183 -04:00 [INF] Validation of the required challenges did not complete successfully. Domain validation failed: www.gha.org [type, urn:acme:error:unauthorized] [detail, Invalid response from http://www.gha.org/.well-known/acme-challenge/CVAEyn4MXxjBlA7ZsD6pUN0YCPxWRhO3BLrl55p5zHw: " 404 Not Found Not Found <p"] [status, 403]

2018-07-11 08:28:51.566 -04:00 [INF] Performing Config Tests
2018-07-11 08:28:53.544 -04:00 [INF] Beginning Certificate Request Process: gha
2018-07-11 08:28:53.545 -04:00 [INF] Registering Domain Identifiers
2018-07-11 08:28:53.545 -04:00 [INF] Attempting Domain Validation: www.gha.org
2018-07-11 08:28:53.545 -04:00 [INF] Registering and Validating www.gha.org
2018-07-11 08:28:54.579 -04:00 [INF] Performing Challenge Response via IIS: www.gha.org
2018-07-11 08:28:55.219 -04:00 [INF] Requesting Validation from Let's Encrypt: www.gha.org
2018-07-11 08:28:58.086 -04:00 [INF] Domain validation failed: www.gha.org [type, urn:acme:error:unauthorized] [detail, Invalid response from http://www.gha.org/.well-known/acme-challenge/6SuDLNLDxGYvtnfjV5BewaaHQ2Z-8zPksSNMwcX96mI: " 404 Not Found Not Found <p"] [status, 403]
2018-07-11 08:28:59.766 -04:00 [INF] Validation of the required challenges did not complete successfully. Domain validation failed: www.gha.org [type, urn:acme:error:unauthorized] [detail, Invalid response from http://www.gha.org/.well-known/acme-challenge/6SuDLNLDxGYvtnfjV5BewaaHQ2Z-8zPksSNMwcX96mI: " 404 Not Found Not Found <p"] [status, 403]
2018-07-11 08:28:59.767 -04:00 [INF] Validation of the required challenges did not complete successfully. Domain validation failed: www.gha.org [type, urn:acme:error:unauthorized] [detail, Invalid response from http://www.gha.org/.well-known/acme-challenge/6SuDLNLDxGYvtnfjV5BewaaHQ2Z-8zPksSNMwcX96mI: " 404 Not Found Not Found <p"] [status, 403]

2018-07-11 08:29:37.875 -04:00 [INF] Performing Config Tests
2018-07-11 08:29:39.181 -04:00 [INF] Beginning Certificate Request Process: gha
2018-07-11 08:29:39.181 -04:00 [INF] Registering Domain Identifiers
2018-07-11 08:29:39.181 -04:00 [INF] Attempting Domain Validation: www.gha.org
2018-07-11 08:29:39.182 -04:00 [INF] Registering and Validating www.gha.org
2018-07-11 08:29:40.080 -04:00 [INF] Performing Challenge Response via IIS: www.gha.org
2018-07-11 08:29:40.719 -04:00 [INF] Requesting Validation from Let's Encrypt: www.gha.org
2018-07-11 08:29:41.487 -04:00 [INF] Domain validation failed: www.gha.org [type, urn:acme:error:unauthorized] [detail, Invalid response from http://www.gha.org/.well-known/acme-challenge/4fmBn1oGHswzUevJmsCYSomHvpKlMNHGju-TPusSRvQ: " 404 Not Found Not Found <p"] [status, 403]
2018-07-11 08:29:42.722 -04:00 [INF] Validation of the required challenges did not complete successfully. Domain validation failed: www.gha.org [type, urn:acme:error:unauthorized] [detail, Invalid response from http://www.gha.org/.well-known/acme-challenge/4fmBn1oGHswzUevJmsCYSomHvpKlMNHGju-TPusSRvQ: " 404 Not Found Not Found <p"] [status, 403]
2018-07-11 08:29:42.722 -04:00 [INF] Validation of the required challenges did not complete successfully. Domain validation failed: www.gha.org [type, urn:acme:error:unauthorized] [detail, Invalid response from http://www.gha.org/.well-known/acme-challenge/4fmBn1oGHswzUevJmsCYSomHvpKlMNHGju-TPusSRvQ: " 404 Not Found Not Found <p"] [status, 403]

2018-07-11 08:33:57.686 -04:00 [INF] Performing Config Tests
2018-07-11 08:33:59.988 -04:00 [INF] Beginning Certificate Request Process: gha
2018-07-11 08:33:59.988 -04:00 [INF] Registering Domain Identifiers
2018-07-11 08:33:59.988 -04:00 [INF] Attempting Domain Validation: gha.org
2018-07-11 08:33:59.989 -04:00 [INF] Registering and Validating gha.org
2018-07-11 08:34:01.325 -04:00 [INF] Performing Challenge Response via IIS: gha.org
2018-07-11 08:34:01.996 -04:00 [INF] Requesting Validation from Let's Encrypt: gha.org
2018-07-11 08:34:05.112 -04:00 [INF] Domain validation failed: gha.org [type, urn:acme:error:unauthorized] [detail, Invalid response from http://gha.org/.well-known/acme-challenge/rYpsDPt9O-nhWhQP_ALBJwEJoba6ce4uTXl7QHrbvmU: " 404 Not Found Not Found <p"] [status, 403]
2018-07-11 08:34:06.802 -04:00 [INF] Validation of the required challenges did not complete successfully. Domain validation failed: gha.org [type, urn:acme:error:unauthorized] [detail, Invalid response from http://gha.org/.well-known/acme-challenge/rYpsDPt9O-nhWhQP_ALBJwEJoba6ce4uTXl7QHrbvmU: " 404 Not Found Not Found <p"] [status, 403]
2018-07-11 08:34:06.802 -04:00 [INF] Validation of the required challenges did not complete successfully. Domain validation failed: gha.org [type, urn:acme:error:unauthorized] [detail, Invalid response from http://gha.org/.well-known/acme-challenge/rYpsDPt9O-nhWhQP_ALBJwEJoba6ce4uTXl7QHrbvmU: " 404 Not Found Not Found <p"] [status, 403]

#4

I’m not familiar with the Windows clients, however that error means that Let’s Encrypt’s validation authority was unable to load the challenge files at those URLs. The way Let’s Encrypt validates your control of a domain (one of the ways at least) is by placing a challenge file in a specific directory.

One thing to check is that your web server is properly serving extensionless files. I know that’s been an issue for IIS users in the past. Try to create a test.txt and test file (text file still, but with no extension) in the web root’s /.well-known/acme-challenge directory and verify that you can access these files by going to http://www.gha.org/.well-known/acme-challenge/test.txt and http://www.gha.org/.well-known/acme-challenge/test, respectively.
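The check suggested in post #4, scripted as an added example (not part of the original thread and not code from any ACME client): it writes test.txt and an extensionless test file into the web root's /.well-known/acme-challenge directory, fetches both over HTTP, and tells a missing extensionless mapping apart from an unreachable directory. The function names, the result strings and the injectable `fetch` parameter are assumptions made for this illustration.

```python
import secrets
import sys
import urllib.error
import urllib.request
from pathlib import Path

CHALLENGE_DIR = ".well-known/acme-challenge"  # HTTP-01 challenge location
OK = "ok"
NO_EXTENSIONLESS = "extensionless files not served"
UNREACHABLE = "challenge directory not reachable"

def http_fetch(url, timeout=10):
    """Plain HTTP GET returning (status, body); HTTP error codes are returned, not raised."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")

def probe(webroot, base_url, fetch=http_fetch):
    """Write both probe files, fetch each one, and always clean up afterwards.

    Returns {"test.txt": bool, "test": bool}; True means the exact content came back.
    """
    directory = Path(webroot) / CHALLENGE_DIR
    directory.mkdir(parents=True, exist_ok=True)
    content = "probe-" + secrets.token_urlsafe(16)  # random, so a cached page cannot match
    results = {}
    for name in ("test.txt", "test"):
        path = directory / name
        path.write_text(content)
        try:
            status, body = fetch(f"{base_url.rstrip('/')}/{CHALLENGE_DIR}/{name}")
            results[name] = status == 200 and body.strip() == content
        except OSError:  # DNS failure, refused connection, timeout
            results[name] = False
        finally:
            path.unlink()
    return results

def diagnose(results):
    """Map the two probe results to one of the three outcomes above."""
    if results["test.txt"] and results["test"]:
        return OK
    if results["test.txt"]:
        return NO_EXTENSIONLESS  # the case described for IIS in the post above
    return UNREACHABLE  # wrong web root, redirect, rewrite rule or firewall

if __name__ == "__main__":
    # usage: python probe.py <path-to-web-root> <http://your-host>
    print(diagnose(probe(sys.argv[1], sys.argv[2])))
```

Run it on the web server itself, passing the site's physical web root and its public http:// URL, so the fetch takes the same path the validation request does.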

