Identifier invalid


#1

Please fill out the fields below so we can help you better.

My domain is:mcsyncrosa.co.za

I ran this command: update-acmeidentifier webmail.mcsyncrosa.co.za_identi

It produced this output: status:invalid

My operating system is (include version): server 2008 R2 enterprise

My web server is (include version):

My hosting provider, if applicable, is: hetzner

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


#2

I assume you are using the ACMESharp client ? You may be better opening an issue with that developer - https://github.com/ebekker/ACMESharp/issues

I’ll try and help though. Did you add the challenge token, and can you reach it in your browser ?

Can you also paste the complete log and error at this point please.


#3

Hi

Thanks for you reply

Cannot reach it in browser. Ran the following script:

Import-module ACMEsharp
Import-module ACMEsharp/ACMESHARP-IIS
Initiliaze-ACMEVault

New-ACMERegistration -contacts mailto:kyle@tenacit.net -AcceptTos

IdentifierPart : ACMESharp.Messages.IdentifierPart
IdentifierType : dns
Identifier : remote.mcsyncrosa.co.za
Uri : https://acme-v01.api.letsencrypt.org/acme/authz/P2e2whPLL9kgtHBUcYMgSIfi6mg731c-qrxV7HI_VQg
Status : pending
Expires : 12/19/2016 6:14:34 AM
Challenges : {, , }
Combinations : {2, 0, 1}

PS C:\Windows\system32> Complete-ACMEChallenge remote.mcsyncrosa.co.za_id -ChallengeType http-01 -Handler iis -HandlerPrameters @{ WebSiteRef = ‘Default Web Site’ }

IdentifierPart : ACMESharp.Messages.IdentifierPart
IdentifierType : dns
Identifier : remote.mcsyncrosa.co.za
Uri : https://acme-v01.api.letsencrypt.org/acme/authz/P2e2whPLL9kgtHBUcYMgSIfi6mg731c-qrxV7HI_VQg
Status : pending
Expires : 12/19/2016 6:14:34 AM
Challenges : {, , iis}
Combinations : {2, 0, 1}

PS C:\Windows\system32> Submit-ACMEChallenge remote.mcsyncrosa.co.za_id -ChallengeType http-01

IdentifierPart : ACMESharp.Messages.IdentifierPart
IdentifierType : dns
Identifier : remote.mcsyncrosa.co.za
Uri : https://acme-v01.api.letsencrypt.org/acme/authz/P2e2whPLL9kgtHBUcYMgSIfi6mg731c-qrxV7HI_VQg
Status : pending
Expires : 12/19/2016 6:14:34 AM
Challenges : {, , iis}
Combinations : {2, 0, 1}

PS C:\Windows\system32> Update-ACMEIdentifier remote.mcsyncrosa.co.za_id

IdentifierPart : ACMESharp.Messages.IdentifierPart
IdentifierType : dns
Identifier : remote.mcsyncrosa.co.za
Uri : https://acme-v01.api.letsencrypt.org/acme/authz/P2e2whPLL9kgtHBUcYMgSIfi6mg731c-qrxV7HI_VQg
Status : invalid
Expires : 12/19/2016 6:14:34 AM
Challenges : {, , }
Combinations : {2, 0, 1}


#4

This is a different error, for a different domain.

You are trying to perform a DNS challenge on remote.mcsyncrosa.co.za - but the relevant DNS records don’t exist for remote.mcsyncrosa.co.za . How have you tried to provide the relevant dns token ?


#5

My bad

I have done this with webmail.mcsyncrosa.co.za and dns record exists.
I can get to the site via URL


#6

webmail.mcsyncrosa.co.za looks fine, yes. remote.mcsyncrosa.co.za needs the DNS sorting out before that will work though.


#7

Results from webmail letsEncrypt identifier creation

PS C:\Windows\system32> New-ACMERegistration -contacts mailto:kyle@tenacit.net -AcceptTos

Contacts : {mailto:kyle@tenacit.net}
PublicKey : { e = AQAB, kty = RSA, n = yQyfYdUElekSWaoHakeLQ0Q-yHYfhvyHaInqNQqHjo_6qGZElRFx5-WNjPkDhbk6e5_VxO9P
l4O39_CXXbvBb0VNxIGbeYNCzAmzkWCQRVIZHnx1yXhMPvvrcsAWVzcDgN3a3ctgHLOh7Tbzc9zBxXqlee86SiFzT2LMJhNzW-t
G2N1SzPydr34hr3Osc3j52xX0GoCcGlgrvFxSw4BhKehPHUfXtGVVcIJEfWc4O9LHVpmHtAPVcwYgpU7lDAZVKpHbo_zerhHjR2
Yi9IIUfOnf4sL4_HBPAT1jTNh4vWPdbXrNgIPMJAn9NfN6m7hnldQR839h70xM84xyNmHNqQ }
RecoveryKey :
RegistrationUri : https://acme-v01.api.letsencrypt.org/acme/reg/7214845
Links : {https://acme-v01.api.letsencrypt.org/acme/new-authz;rel=“next”,
https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf;rel=“terms-of-service”}
TosLinkUri : https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf
TosAgreementUri : https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf
AuthorizationsUri :
CertificatesUri :

PS C:\Windows\system32> New-ACMEIdentifier -Dns webmail.mcsyncrosa.co.za -Alias webmail.mcsyncrosa.co.za_1

IdentifierPart : ACMESharp.Messages.IdentifierPart
IdentifierType : dns
Identifier : webmail.mcsyncrosa.co.za
Uri : https://acme-v01.api.letsencrypt.org/acme/authz/7fuwXYvvcaoHQNhcqFTQiOYQHkUPtTdpm9DsT4vwe7A
Status : pending
Expires : 12/20/2016 8:13:08 AM
Challenges : {, , }
Combinations : {1, 2, 0}

PS C:\Windows\system32> Complete-ACMEChallenge webmail.mcsyncrosa.co.za_1 -ChallengeType http-01 -Handler iis -HandlerPa
rameters @{ WebSiteRef = ‘Default Web Site’ }

IdentifierPart : ACMESharp.Messages.IdentifierPart
IdentifierType : dns
Identifier : webmail.mcsyncrosa.co.za
Uri : https://acme-v01.api.letsencrypt.org/acme/authz/7fuwXYvvcaoHQNhcqFTQiOYQHkUPtTdpm9DsT4vwe7A
Status : pending
Expires : 12/20/2016 8:13:08 AM
Challenges : {iis, , }
Combinations : {1, 2, 0}

PS C:\Windows\system32> Submit-ACMEChallenge webmail.mcsyncrosa.co.za_1 -ChallengeType http-01

IdentifierPart : ACMESharp.Messages.IdentifierPart
IdentifierType : dns
Identifier : webmail.mcsyncrosa.co.za
Uri : https://acme-v01.api.letsencrypt.org/acme/authz/7fuwXYvvcaoHQNhcqFTQiOYQHkUPtTdpm9DsT4vwe7A
Status : pending
Expires : 12/20/2016 8:13:08 AM
Challenges : {iis, , }
Combinations : {1, 2, 0}

PS C:\Windows\system32> Update-ACMEIdentifier webmail.mcsyncrosa.co.za_1

IdentifierPart : ACMESharp.Messages.IdentifierPart
IdentifierType : dns
Identifier : webmail.mcsyncrosa.co.za
Uri : https://acme-v01.api.letsencrypt.org/acme/authz/7fuwXYvvcaoHQNhcqFTQiOYQHkUPtTdpm9DsT4vwe7A
Status : invalid
Expires : 12/20/2016 8:13:08 AM
Challenges : {, , }
Combinations : {1, 2, 0}

PS C:\Windows\system32>


#8

Are you intending to do this as a DNS verification ? if so, what token have you added to your DNS ? because from a quick check I can’t see it.


#9

hi kyetenacit

i have written a guide on how to use IIS and lets encrypt

https://www.linkedin.com/pulse/lets-encrypt-part-1-issuing-installing-certificates-andrei-hawke?trk=mp-reader-card

I think you are getting stuck on completing the the challenges.

From what I understand you want to use the HTTP challenge?

At the bottom of that article it talks about how you need enable mime types for the .ACME challenge directory


#10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.