I ran the letsencrypt.exe for my sub domain and it failed to add the certificate. Please help?

Please fill out the fields below so we can help you better.

My domain is:
http://api.homerepairswinnipeg.ca
I ran this command:
I used the letsencrypt.exe to generate the certificate
It produced this output:
The ACME server was probably unable to reach http://api.homerpeairswinnipeg.ca/.well-known/acme-challenge/xxxxxx

Check in a browser to see if the answer file is being served correctly.

"This could be caused by IIS not being setup to handle extensionless static files. Here’s how to fix that:
1. In IIS manager go to Site/Server->Handler Mappings->View Ordered List
2. Move the StaticFile mapping above the ExtensionlessUrlHandler mappings. <like this http://i.stack.imgur.com/nkvrL.png>
3. If you need to make changes to your web.config file, update the one at C:\Users\Administrator\Desktop\letsencrypy-win-simple.V1.9.1\web_config.xml"

I followed the instructions noted above and I did the following:

  1. Copied the web config content found in the letsencrypt folder and pasted it in my application web config
  2. Moved the Static File handler above the Extension Handler in IIS for the following website

None of them worked.

I event tested to see if my website can be reached by outside. It even returned a 200 success status. I’m currently confused to what’s causing the error

My operating system is (include version):
Windows Server 2012 R2
My web server is (include version):
IIS 8.5
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

Hi @codesajinda, could you please complete the whole form including the “I ran this command” and “It produced this output” questions? Those will be necessary in order for people to help you figure out what went wrong.

Based on what you posted, I see that you are trying to run the Letsencrypt Win Simple client v1.9.1 on server 2012R2. You might find helpful the following video:

Letsencrypt Windows Client: How to Install Let’s Encrypt Free SSL Certificates on Windows Server

The demonstration is performed on Server 2012R2.

I tried the same thing but it doesn’t generate the certificate for this specific sub domain. On the primary domain i.e.(homerepairswinnipeg.ca), I was able to generate the certificate but not on the sub domain.

Let’s make sure we are on the same page here.

  1. You can successfully generate a single domain (i.e. homerepairswinnipeg.ca) certificate using the Letsencrypt Win Simple client - the buil 1.9.1.1 that we’ve compiled and provide on our web site, not built 1.9.1?
  2. You have issues generating a multiple domain SAN certificate, which requires using manual mode and additional modifications?

Regards,

Dean

  1. Yes, I downloaded the one noted here https://github.com/Lone-Coder/letsencrypt-win-simple/releases under the downloads section. I was able to run the exe and successfully generate a certificate for (homerepairswinnipeg.ca) but not the subdomain (http://api.homerepairswinnipeg.ca).

  2. Does this mean that I have to generate a manual certificate for the primary and subdomain as one certificate?

Yes. If you need the certificate to include more than one domain name, the additional names are added as SAN (Subject Alternative Names). This particular client, Letsencrypt Win Simple, can request SAN certificates but you need to use manual mode and pervorm additional configuration changes in IIS.

Excellent, I got it working using the SAN approach. Thanks again for the response.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.