IIS win-acme Unable to renew cert. Gives error with .well-known/acme-challenge

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: remindo.net

I ran this command: Tried to renew via WinAcme.exe

It produced this output:
Plugin IIS generated source remindo.net with 2 identifiers
Plugin Single created 1 order
Source change in order Main detected
Renewing [IIS] Remindo.net, (any host)
Cached order has status invalid, discarding
[remindo.net] Authorizing...
[remindo.net] Authorizing using http-01 validation (SelfHosting)
[remindo.net] Authorization result: invalid
[remindo.net] {"type":"urn:ietf:params:acme:error:unauthorized","detail":"66.96.163.128: Invalid response from https://remindo.net/.well-known/acme-challenge/KSPb5l49u-JtEE8wLvBMzXEkPIJxXZXUz85dPBDvZkg: 404","status":403,"instance":null}
[remindo.net] Deactivating pending authorization
[www.remindo.net] Deactivating pending authorization
Renewal for [IIS] Remindo.net, (any host) failed, will retry on next run
Validation failed
No certificate generated

My web server is (include version): IIS

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: 10.0.17763.1

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): WinAcme with an EXE date of 5/22/2024

I used LetsDebug and it said it saw no problems. I would not be opposed to starting over from scratch with this certificate if that would be easier. This site is not really in use just yet. Just not totally sure the best way to go about that.

2 Likes

It could be the wrong machine responding? The error says that the domain resolved to the IP 66.96.163.128 but when I check your domain it resolves to 74.91.112.238.

When I browse to the domain it has a certificate that should be for lociapp.com which in turn also resolves to a different IP 74.91.127.170.

So the first thing I'd check is that your domain is pointing to the correct IP.

win-acme has been superseded by simple-acme to some extent (the maintainer has moved to that project), but during validation it runs its own challenge response http service alongside IIS, and that should be working normally.

3 Likes
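As an added illustration of the checks suggested in the reply above (not code from the thread, from win-acme or from Certify The Web), the script below parses the ACME problem document from the first post, compares the IP the validator says it reached with what DNS returns for the name, and states the likely cause. The `Triage`/`triage` names are mine; the live DNS lookup only runs when the script is executed directly.

```python
import json
import re
import socket
from dataclasses import dataclass

# Let's Encrypt's detail string for a failed http-01 fetch has the shape
# "<ip the validator reached>: Invalid response from <url>: <http status>"
DETAIL_RE = re.compile(
    r"^(?P<ip>[0-9a-fA-F.:]+): Invalid response from "
    r"(?P<url>https?://\S+?): (?P<status>\d{3})"
)

@dataclass
class Triage:
    validator_ip: str    # address the CA actually connected to
    challenge_url: str   # token URL it fetched
    http_status: int     # status it received
    dns_ips: list        # addresses DNS currently returns for the name
    verdict: str         # plain-language conclusion

def parse_acme_error(problem_json: str) -> dict:
    """Pull IP, URL and status out of an ACME problem document."""
    problem = json.loads(problem_json)
    m = DETAIL_RE.match(problem.get("detail", ""))
    if not m:
        raise ValueError("unrecognised detail: %r" % problem.get("detail"))
    return {"ip": m["ip"], "url": m["url"], "status": int(m["status"])}

def triage(problem_json: str, dns_ips: list) -> Triage:
    """dns_ips is injected so the decision logic can be checked offline."""
    e = parse_acme_error(problem_json)
    if e["ip"] not in dns_ips:
        verdict = ("DNS mismatch: validator reached %s but the name resolves "
                   "to %s; fix or wait for DNS before retrying"
                   % (e["ip"], ", ".join(dns_ips) or "nothing"))
    elif e["status"] == 404:
        verdict = ("DNS agrees; %s did not serve the token, so check the "
                   "client's self-hosted listener and IIS bindings" % e["ip"])
    else:
        verdict = "DNS agrees; unexpected HTTP %d from %s" % (e["status"], e["ip"])
    return Triage(e["ip"], e["url"], e["status"], dns_ips, verdict)

def resolve(hostname: str) -> list:
    """Current A/AAAA answers for the hostname (live lookup)."""
    return sorted({ai[4][0] for ai in socket.getaddrinfo(hostname, None)})

# Problem document copied from the first post's output.
SAMPLE_ERROR = ('{"type":"urn:ietf:params:acme:error:unauthorized","detail":"66.96.163.128: '
                'Invalid response from https://remindo.net/.well-known/acme-challenge/'
                'KSPb5l49u-JtEE8wLvBMzXEkPIJxXZXUz85dPBDvZkg: 404","status":403,"instance":null}')
if __name__ == "__main__":
    print(triage(SAMPLE_ERROR, resolve("remindo.net")).verdict)
```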

I changed my DNS records earlier. Propagation is a bit sketchy, of course. Anyway when I ping it, I get . . .

Pinging remindo.net [74.91.112.238] with 32 bytes of data:
Reply from 74.91.112.238: bytes=32 time=26ms TTL=116
Reply from 74.91.112.238: bytes=32 time=32ms TTL=116
Reply from 74.91.112.238: bytes=32 time=31ms TTL=116
Reply from 74.91.112.238: bytes=32 time=27ms TTL=116

Perhaps starting over with simple-acme is the thing to do now. I don't think I can just change that IP in the renewal.

Looked at simple-acme. The site says it's signed. Windows says it's not. Seems sketchy. Guess I'll stick with Win-Acme for now. (And it installs WACS.EXE, anyway, which is confusing.)

Ah yes, I see the signing issue, probably just a build glitch. Yes, by all means stick with win-acme if it's otherwise working.

I develop Certify The Web (which is a different certificate management tool for Windows etc.) so I'm not going to try to convince you of the merits of simple-acme, except to say it's more up to date than win-acme 🙂

Regarding your validation issue, if you try again perhaps it will complete OK as long as it sees the new IP.

3 Likes

Yes, I made a mistake uploading the unsigned versions during the release of the last build. Scripts have been adjusted to catch this in the future 🙂

5 Likes
