IIS Error requesting certificate

Hi, I have a problem on a Windows server when I try to renew a certificate and I get the following error:

Plugin IIS generated source myathlon.it with 2 identifiers
Plugin Single created 1 order
Cached order available but not used with --nocache option.
[myathlon.it] Cached authorization result: valid
[myathlon.it] Handling challenge anyway because --test and/or --nocache is active
[myathlon.it] Authorizing...
[myathlon.it] Authorizing using http-01 validation (SelfHosting)
[myathlon.it] Authorization result: valid
[www.myathlon.it] Cached authorization result: valid
[www.myathlon.it] Handling challenge anyway because --test and/or --nocache is active
[www.myathlon.it] Authorizing...
[www.myathlon.it] Authorizing using http-01 validation (SelfHosting)
[www.myathlon.it] Authorization result: valid
Downloading certificate [IIS] www.myathlon.it, (any host)
Error requesting certificate [IIS] www.myathlon.it, (any host)

Any suggestions on what to try?

Hello @lucacriticalcase, welcome to the Let's Encrypt community. :slightly_smiling_face:

I believe your server configuration is in error in that it is returning an HTTP Response Code of 200 OK for nonexistent files.

I chose a random TOKEN KJvEkMZC15uMyBtwRvh8yUxGuhVAtrq9DMCdIANs and curl
received a HTTP Response Code of 200 OK

$ curl -Ii http://myathlon.it/.well-known/acme-challenge/KJvEkMZC15uMyBtwRvh8yUxGuhVAtrq9DMCdIANs
HTTP/1.1 200 OK
Content-Length: 16441
Content-Type: text/html
Last-Modified: Fri, 17 May 2024 13:12:42 GMT
Accept-Ranges: bytes
ETag: "0c14ae65ba8da1:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Date: Fri, 17 May 2024 22:42:54 GMT

And tried a second random TOKEN gs882aN1W5n5PImoDYNvvxzNarvlLRDDMaavL8Hn and curl
received a HTTP Response Code of 200 OK

$ curl -Ii http://myathlon.it/.well-known/acme-challenge/gs882aN1W5n5PImoDYNvvxzNarvlLRDDMaavL8Hn
HTTP/1.1 200 OK
Content-Length: 16441
Content-Type: text/html
Last-Modified: Fri, 17 May 2024 13:12:42 GMT
Accept-Ranges: bytes
ETag: "0c14ae65ba8da1:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Date: Fri, 17 May 2024 22:44:54 GMT
1 Like
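
The curl test from the post above as a script, added here as an example and not part of any post in the thread: it classifies the response to a nonexistent challenge token and checks whether two such responses are the same page. The function names and the 404 sample are constructed; the two 200 samples reuse header values from the curl output above.

```sh
#!/bin/sh
# Added example (not from the thread): flag a web server that answers 200
# for ACME challenge tokens that do not exist.

# Status code of the last response in `curl -I` output.
status_of() {
  printf '%s\n' "$1" | tr -d '\r' | awk '/^HTTP\// { c = $2 } END { print c }'
}
# Value of header $2 (case-insensitive name) in `curl -I` output $1.
header_of() {
  printf '%s\n' "$1" | tr -d '\r' | awk -v want="$2" '
    { i = index($0, ":") }
    i > 0 && tolower(substr($0, 1, i - 1)) == tolower(want) {
      v = substr($0, i + 1); sub(/^[ \t]+/, "", v) }
    END { print v }'
}
# Verdict for the response to one nonexistent token.
classify_probe() {
  case "$(status_of "$1")" in
    404|410) echo "ok" ;;
    200)     echo "catch-all" ;;
    "")      echo "no-response" ;;
    *)       echo "unexpected" ;;
  esac
}
# Two different nonexistent tokens answered with the same ETag and length
# means one fixed page is being served for every path.
same_page() {
  [ -n "$(header_of "$1" ETag)" ] &&
  [ "$(header_of "$1" ETag)" = "$(header_of "$2" ETag)" ] &&
  [ "$(header_of "$1" Content-Length)" = "$(header_of "$2" Content-Length)" ]
}
# Live check against a host you administer (hypothetical helper, needs curl).
probe() {
  token=$(LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 40)
  curl -sI --max-time 10 "http://$1/.well-known/acme-challenge/$token"
}

# Header values as shown in the thread's two curl outputs (trimmed).
R1='HTTP/1.1 200 OK
Content-Length: 16441
ETag: "0c14ae65ba8da1:0"'
R2='HTTP/1.1 200 OK
Content-Length: 16441
ETag: "0c14ae65ba8da1:0"'
MISSING='HTTP/1.1 404 Not Found'   # constructed sample for comparison

echo "thread response:      $(classify_probe "$R1")"
same_page "$R1" "$R2" && echo "both tokens returned the same page"
echo "nonexistent file 404: $(classify_probe "$MISSING")"
```

For a live check, pass the output of `probe` to `classify_probe`, and run `probe` twice to compare the two responses with `same_page`.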

Thanks Bruce, I hadn't done this test with curl. I have not yet understood if there is a problem with the IIS configuration or if the problem could be a firewall (or something else) in front of the webserver.

2 Likes

Yes to the above, and not the firewall as I presently see it.

Also using the online tool Let's Debug yields these favorable results https://letsdebug.net/myathlon.it/1962977

All OK!
2 Likes

Thanks so much Bruce, I'll try the tool you recommended immediately

2 Likes

Which version of win-acme are you using? This part looks like domain validation passed but finalization or storage of the certificate failed.

5 Likes

Hi, in the end the renewal was successful. I believe they had modified the public DNS record and the change had not yet propagated. A few hours later we found the certificate renewed. Thank you all

3 Likes