Identifier invalid

Please fill out the fields below so we can help you better.

My domain is:mcsyncrosa.co.za

I ran this command: update-acmeidentifier webmail.mcsyncrosa.co.za_identi

It produced this output: status:invalid

My operating system is (include version): server 2008 R2 enterprise

My web server is (include version):

My hosting provider, if applicable, is: hetzner

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

I assume you are using the ACMESharp client ? You may be better opening an issue with that developer - https://github.com/ebekker/ACMESharp/issues

I’ll try and help though. Did you add the challenge token, and can you reach it in your browser ?

Can you also paste the complete log and error at this point please.

Hi

Thanks for you reply

Cannot reach it in browser. Ran the following script:

Import-module ACMEsharp
Import-module ACMEsharp/ACMESHARP-IIS
Initiliaze-ACMEVault

New-ACMERegistration -contacts mailto:kyle@tenacit.net -AcceptTos

IdentifierPart : ACMESharp.Messages.IdentifierPart
IdentifierType : dns
Identifier : remote.mcsyncrosa.co.za
Uri : https://acme-v01.api.letsencrypt.org/acme/authz/P2e2whPLL9kgtHBUcYMgSIfi6mg731c-qrxV7HI_VQg
Status : pending
Expires : 12/19/2016 6:14:34 AM
Challenges : {, , }
Combinations : {2, 0, 1}

PS C:\Windows\system32> Complete-ACMEChallenge remote.mcsyncrosa.co.za_id -ChallengeType http-01 -Handler iis -HandlerPrameters @{ WebSiteRef = ‘Default Web Site’ }

IdentifierPart : ACMESharp.Messages.IdentifierPart
IdentifierType : dns
Identifier : remote.mcsyncrosa.co.za
Uri : https://acme-v01.api.letsencrypt.org/acme/authz/P2e2whPLL9kgtHBUcYMgSIfi6mg731c-qrxV7HI_VQg
Status : pending
Expires : 12/19/2016 6:14:34 AM
Challenges : {, , iis}
Combinations : {2, 0, 1}

PS C:\Windows\system32> Submit-ACMEChallenge remote.mcsyncrosa.co.za_id -ChallengeType http-01

IdentifierPart : ACMESharp.Messages.IdentifierPart
IdentifierType : dns
Identifier : remote.mcsyncrosa.co.za
Uri : https://acme-v01.api.letsencrypt.org/acme/authz/P2e2whPLL9kgtHBUcYMgSIfi6mg731c-qrxV7HI_VQg
Status : pending
Expires : 12/19/2016 6:14:34 AM
Challenges : {, , iis}
Combinations : {2, 0, 1}

PS C:\Windows\system32> Update-ACMEIdentifier remote.mcsyncrosa.co.za_id

IdentifierPart : ACMESharp.Messages.IdentifierPart
IdentifierType : dns
Identifier : remote.mcsyncrosa.co.za
Uri : https://acme-v01.api.letsencrypt.org/acme/authz/P2e2whPLL9kgtHBUcYMgSIfi6mg731c-qrxV7HI_VQg
Status : invalid
Expires : 12/19/2016 6:14:34 AM
Challenges : {, , }
Combinations : {2, 0, 1}

This is a different error, for a different domain.

You are trying to perform a DNS challenge on remote.mcsyncrosa.co.za - but the relevant DNS records don’t exist for remote.mcsyncrosa.co.za . How have you tried to provide the relevant dns token ?

My bad

I have done this with webmail.mcsyncrosa.co.za and dns record exists.
I can get to the site via URL

webmail.mcsyncrosa.co.za looks fine, yes. remote.mcsyncrosa.co.za needs the DNS sorting out before that will work though.

Results from webmail letsEncrypt identifier creation

PS C:\Windows\system32> New-ACMERegistration -contacts mailto:kyle@tenacit.net -AcceptTos

Contacts : {mailto:kyle@tenacit.net}
PublicKey : { e = AQAB, kty = RSA, n = yQyfYdUElekSWaoHakeLQ0Q-yHYfhvyHaInqNQqHjo_6qGZElRFx5-WNjPkDhbk6e5_VxO9P
l4O39_CXXbvBb0VNxIGbeYNCzAmzkWCQRVIZHnx1yXhMPvvrcsAWVzcDgN3a3ctgHLOh7Tbzc9zBxXqlee86SiFzT2LMJhNzW-t
G2N1SzPydr34hr3Osc3j52xX0GoCcGlgrvFxSw4BhKehPHUfXtGVVcIJEfWc4O9LHVpmHtAPVcwYgpU7lDAZVKpHbo_zerhHjR2
Yi9IIUfOnf4sL4_HBPAT1jTNh4vWPdbXrNgIPMJAn9NfN6m7hnldQR839h70xM84xyNmHNqQ }
RecoveryKey :
RegistrationUri : https://acme-v01.api.letsencrypt.org/acme/reg/7214845
Links : {https://acme-v01.api.letsencrypt.org/acme/new-authz;rel=“next”,
https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf;rel=“terms-of-service”}
TosLinkUri : https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf
TosAgreementUri : https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf
AuthorizationsUri :
CertificatesUri :

PS C:\Windows\system32> New-ACMEIdentifier -Dns webmail.mcsyncrosa.co.za -Alias webmail.mcsyncrosa.co.za_1

IdentifierPart : ACMESharp.Messages.IdentifierPart
IdentifierType : dns
Identifier : webmail.mcsyncrosa.co.za
Uri : https://acme-v01.api.letsencrypt.org/acme/authz/7fuwXYvvcaoHQNhcqFTQiOYQHkUPtTdpm9DsT4vwe7A
Status : pending
Expires : 12/20/2016 8:13:08 AM
Challenges : {, , }
Combinations : {1, 2, 0}

PS C:\Windows\system32> Complete-ACMEChallenge webmail.mcsyncrosa.co.za_1 -ChallengeType http-01 -Handler iis -HandlerPa
rameters @{ WebSiteRef = ‘Default Web Site’ }

IdentifierPart : ACMESharp.Messages.IdentifierPart
IdentifierType : dns
Identifier : webmail.mcsyncrosa.co.za
Uri : https://acme-v01.api.letsencrypt.org/acme/authz/7fuwXYvvcaoHQNhcqFTQiOYQHkUPtTdpm9DsT4vwe7A
Status : pending
Expires : 12/20/2016 8:13:08 AM
Challenges : {iis, , }
Combinations : {1, 2, 0}

PS C:\Windows\system32> Submit-ACMEChallenge webmail.mcsyncrosa.co.za_1 -ChallengeType http-01

IdentifierPart : ACMESharp.Messages.IdentifierPart
IdentifierType : dns
Identifier : webmail.mcsyncrosa.co.za
Uri : https://acme-v01.api.letsencrypt.org/acme/authz/7fuwXYvvcaoHQNhcqFTQiOYQHkUPtTdpm9DsT4vwe7A
Status : pending
Expires : 12/20/2016 8:13:08 AM
Challenges : {iis, , }
Combinations : {1, 2, 0}

PS C:\Windows\system32> Update-ACMEIdentifier webmail.mcsyncrosa.co.za_1

IdentifierPart : ACMESharp.Messages.IdentifierPart
IdentifierType : dns
Identifier : webmail.mcsyncrosa.co.za
Uri : https://acme-v01.api.letsencrypt.org/acme/authz/7fuwXYvvcaoHQNhcqFTQiOYQHkUPtTdpm9DsT4vwe7A
Status : invalid
Expires : 12/20/2016 8:13:08 AM
Challenges : {, , }
Combinations : {1, 2, 0}

PS C:\Windows\system32>

Are you intending to do this as a DNS verification ? if so, what token have you added to your DNS ? because from a quick check I can’t see it.

hi kyetenacit

i have written a guide on how to use IIS and lets encrypt

https://www.linkedin.com/pulse/lets-encrypt-part-1-issuing-installing-certificates-andrei-hawke?trk=mp-reader-card

I think you are getting stuck on completing the the challenges.

From what I understand you want to use the HTTP challenge?

At the bottom of that article it talks about how you need enable mime types for the .ACME challenge directory

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.