IIS 8.5 Authorization timed out trying to request certificate

My domain is: www.reservasweb.comsor.com.uy

I ran this command: new certificate(n) - manual input (4) - reservasweb.comsor.com.uy

It produced this output: [WARN] First chance error calling into ACME server, retrying with new nonce…
[INFO] Authorize identifier: reservaweb.camsor.com.uy
[INFO] Authorizing reservaweb.camsor.com.uy using http-01 validation (SelfHosti
ng)
[EROR] Authorization timed out
[EROR] Create certificate failed: Authorization failed

My web server is (include version): iis8.5

The operating system my web server runs on is (include version): Windows server 2012R2

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): YES

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):Yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Hi @Dionisio77

there are two domain names - camsor and comsor.

Checking that domain name there is no ip address / A-record ( https://check-your-website.server-daten.de/?q=reservasweb.camsor.com.uy ):

Host T IP-Address is auth. ∑ Queries ∑ Timeout
reservasweb.camsor.com.uy Name Error yes 1 0
www.reservasweb.camsor.com.uy Name Error yes 1 0

So it's impossible to create a certificate using http-validation.

An A entry (domain -> ip address) and a running webserver (port 80) with that ip address is required.

Helo Juergen.
I check for the IP now and I got one, I used the camsor.com.uy web. And also de subdomain reservasweb.



But i still got the same error when creating the certificate.

Is the IP OK?

There is again no ip address defined - https://check-your-website.server-daten.de/?q=reservasweb.camsor.com.uy

Host T IP-Address is auth. ∑ Queries ∑ Timeout
reservasweb.camsor.com.uy Name Error yes 1 0
www.reservasweb.camsor.com.uy Name Error yes 1 0

Name Error = no ip.

The maini domain has an ip address:

ost T IP-Address is auth. ∑ Queries ∑ Timeout
camsor.com.uy A 190.0.145.100 Cordon/Departamento de Montevideo/Uruguay (UY) - Latin American and Caribbean IP address Regional Registry Hostname: srvweb01.fepremi.com.uy yes 1 0
AAAA yes
www.camsor.com.uy A 190.0.145.100 Cordon/Departamento de Montevideo/Uruguay (UY) - Latin American and Caribbean IP address Regional Registry Hostname: srvweb01.fepremi.com.uy yes 1 0
AAAA yes

190.0.145.100.

Such an entry is required. But I don't know what's your correct ip address. Same? Other?

What says

ipconfig /All

Now there is a check, two hours old - https://check-your-website.server-daten.de/?q=reservaweb.camsor.com.uy

Now ip addresses are defined:

Host T IP-Address is auth. ∑ Queries ∑ Timeout
reservaweb.camsor.com.uy A 200.58.145.142 Montevideo/Departamento de Montevideo/Uruguay (UY) - Latin American and Caribbean IP address Regional Registry Hostname: ip145-142.static.movinet.com.uy yes 1 0
AAAA yes
www.reservaweb.camsor.com.uy A 200.58.145.142 Montevideo/Departamento de Montevideo/Uruguay (UY) - Latin American and Caribbean IP address Regional Registry Hostname: ip145-142.static.movinet.com.uy yes 1 0
AAAA yes

But only timeouts, no port answers.

Great!
I still have the same issue.
I tryed 2 things
1 having the reservaweb.camsor.com.uy by http at 80.
2 having the reservaweb.camsor.com.uy by https at 443 with a local certificate and having a redirect in the default site to the https site.

In both cases the result is the same

port 80 and 443 are open

They are open if you use an online tool and if that online tool shows an answer.

Hi,

First of a few: you’ve removed the IPs from your hostname (at least for external users)

This means you won’t be able to obtain a certificate for your domain using http-01, which resolves your domain, then connect to the IP address resolved and complete whatever validation they need.

Before you want to proceed with the validation process, you’ll need to ensure your IP’s port 80 is open. If port 80 is closed, the http-01 validation fails.

As of now, since there’s no IP address for this hostname, we can’t even test if your ports are open.

Thanks

That's only a caching problem. https://check-your-website.server-daten.de/?q=reservaweb.camsor.com.uy shows ip addresses, the authoritative name servers are used.

Use

nslookup reservaweb.camsor.com.uy. ns1.femi.com.uy

or the direct ip address:

reservaweb.camsor.com.uy
	•  ns1.femi.com.uy / ns01
	179.27.43.66
Santa Lucia/Canelones/Uruguay (UY) - Latin American and Caribbean IP address Regional Registry
1 Like

Port opened and certificate working.

Thanks for the time

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.