I have a certificate which expired 2 months ago. Need to renew.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: tableau.healthdataroof.io

I ran this command: certbot certonly

It produced this output: Problem binding to port 80: [WinError 10013] An attempt was made to access a socket in a way forbidden by its access permissions

My web server is (include version):Apache Tableau

The operating system my web server runs on is (include version):Windows 2019

My hosting provider, if applicable, is: Go Daddy

I can login to a root shell on my machine (yes or no, or I don't know):Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Hi @surya, and welcome to the LE community forum :slight_smile:

certbot isn't able to bind to port 80 because something else [maybe IIS] is already using that port.

You might want to take a look at a native Windows based ACME client [like: CertifyTheWeb or Posh-ACME] instead of using certbot for Windows [which is slated for extinction soon].

4 Likes

Hi @surya ,

I am guessing Port 80 is occupied by Server: Tableau
(I do not know what that is. Do not take my ignorance as that this community is not able to assist).

$ curl -Ii http://tableau.healthdataroof.io
HTTP/1.1 200 OK
Date: Fri, 15 Dec 2023 21:28:06 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1583
Connection: keep-alive
Server: Tableau
Vary: X-Forwarded-Proto,Accept-Encoding
Last-Modified: Thu, 16 Mar 2023 01:42:24 GMT
ETag: "62f-5f6fa92850000"
Accept-Ranges: bytes
Cache-Control: no-cache, no-store, must-revalidate
Expires: -1
X-Tableau: Tableau Server
P3P: CP="NON"
X-UA-Compatible: IE=Edge
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy-Report-Only: connect-src * https://*.tiles.mapbox.com https://api.mapbox.com; default-src blob:; font-src * data:; frame-src * data: tableau-desktop:; img-src * data: blob:; object-src data:; report-uri /vizql/csp-report; script-src * blob:; style-src * 'unsafe-inline'
X-Frame-Options: SAMEORIGIN
Pragma: no-cache

2 Likes

Yet using HTTPS the server: awselb/2.0

$ curl -k -Ii https://tableau.healthdataroof.io
HTTP/2 504
server: awselb/2.0
date: Fri, 15 Dec 2023 21:36:26 GMT
content-type: text/html
content-length: 132

2 Likes

That combined with GoDaddy usually means they are using the GoDaddy URL Redirect service.

If so, they need to disable that and point the DNS directly to their server IP instead.

3 Likes

Thanks @MikeMcQ :slight_smile:

2 Likes

Hi Bruce,

When I am trying to generate the _acme key for this domain, I am getting the below error message.

As you mentioned in the earlier responses, we are using certifytheweb and also POSH ACME.

Below is the error in POSH-ACME

Submit-ChallengeValidation : Authorization invalid for tableau.healthdataroof.io: No TXT record found at
_acme-challenge.tableau.healthdataroof.io
At C:\Program Files\WindowsPowerShell\Modules\Posh-ACME\4.20.0\Public\New-PACertificate.ps1:253 char:9
+ Submit-ChallengeValidation
+ CategoryInfo : OperationStopped: (Authorization i...althdataroof.io:String) [Submit-ChallengeValidation
    ], RuntimeException
+ FullyQualifiedErrorId : Authorization invalid for tableau.healthdataroof.io: No TXT record found at _acme-challe
    nge.tableau.healthdataroof.io,Submit-ChallengeValidation

please help!

Please see the Challenge Types - Let's Encrypt

The above would be for the HTTP-01 challenge

Below would be for the DNS-01 challenge

1 Like

The main thing with DNS validation is to ensure the TXT record is being created (in your public DNS) and allow enough time for TXT records to copy to all of your nameservers, usually 30-60 seconds for Cloudflare, before proceeding with validation. Certify The Web will default to at least 60 seconds for Cloudflare DNS, I'm not sure about Posh-ACME.

3 Likes
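
An added example, not part of the original thread and not code from Posh-ACME or Certify The Web: a PowerShell check that asks each authoritative nameserver of the zone directly for the `_acme-challenge` TXT record, so propagation can be confirmed before validation is submitted. The function names are hypothetical; `Resolve-DnsName` is the built-in Windows cmdlet.

```powershell
# Added example: hypothetical helpers, not part of any ACME client.
function Get-ZoneNameServer {
    param([Parameter(Mandatory)][string]$Name)
    # Walk up the labels until a name that actually has NS records is found.
    # Stops before the bare TLD.
    $labels = $Name.TrimEnd('.').Split('.')
    for ($i = 0; $i -lt $labels.Count - 1; $i++) {
        $candidate = $labels[$i..($labels.Count - 1)] -join '.'
        $ns = Resolve-DnsName -Name $candidate -Type NS -DnsOnly -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'NS' -and $_.Section -eq 'Answer' }
        if ($ns) { return $ns.NameHost | Sort-Object -Unique }
    }
    throw "No NS records found for $Name or any parent zone"
}

function Test-AcmeTxtPropagation {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [string]$ExpectedValue   # optional: the TXT value the ACME client asked you to publish
    )
    $record = "_acme-challenge.$Domain"
    foreach ($server in Get-ZoneNameServer -Name $Domain) {
        # Query this nameserver directly, bypassing the local resolver cache.
        # Limitation: if _acme-challenge is a CNAME to another zone, this
        # server will not hold the TXT record itself and it shows as not found.
        $txt = Resolve-DnsName -Name $record -Type TXT -Server $server -DnsOnly -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'TXT' }
        $values = @(foreach ($r in $txt) { $r.Strings -join '' })
        [pscustomobject]@{
            NameServer = $server
            Found      = $values.Count -gt 0
            Matches    = if ($ExpectedValue) { $values -contains $ExpectedValue } else { $null }
            Values     = $values -join '; '
        }
    }
}

# Every row should show Found = True before the challenge is submitted.
Test-AcmeTxtPropagation -Domain 'tableau.healthdataroof.io' | Format-Table -AutoSize
```

If any nameserver reports `Found = False`, the record has either not been created in the public zone or has not yet reached that server.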
