Invalid response 404 with win-acme and IIS

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: sms.tstvconnect.com

I ran this command: I tried installing SSL on my IIS webserver and it produced the output below. My IIS webserver is on a local IP address, and a public IP address is port forwarded to the local IP address.

It produced this output: [sms.tstvconnect.com] {"type":"urn:ietf:params:acme:error:unauthorized","detail":"102.219.212.93: Invalid response from http://sms.tstvconnect.com/.well-known/acme-challenge/C05y3KzV1L3B3b_EHWX9K7r7U3yf30Kp7ei6LK9_BYk: 404","status":403,"instance":null}

My web server is (include version): IIS

The operating system my web server runs on is (include version): Windows

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): win-acme

Hello @mevicluv, welcome to the Let's Encrypt community. :slightly_smiling_face:

Side note: Port 443 is Closed.

$ nmap -Pn -p80,443 sms.tstvconnect.com
Starting Nmap 7.80 ( https://nmap.org ) at 2023-06-23 22:28 UTC
Nmap scan report for sms.tstvconnect.com (102.219.212.93)
Host is up (0.27s latency).

PORT    STATE  SERVICE
80/tcp  open   http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 0.77 seconds

Edit: I also see this with curl -i http://sms.tstvconnect.com/.well-known/acme-challenge/sometestfile
sms.tstvconnect.com.txt (3.5 KB)

5 Likes

Make sure your win-acme is using the self-hosting option for http challenges (which temporarily sits in front of IIS on port 80 and catches the challenge requests), otherwise your IIS (Web Application) needs to be configured to serve the challenge response files. https://www.win-acme.com/reference/plugins/validation/http/selfhosting.

Also make sure port 80 is being forwarded to this server and not some other one.

5 Likes
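A preflight for the case described in the reply above where IIS itself, rather than win-acme's self-hosting listener, has to serve the challenge files. This is an added example, not code from the thread or from win-acme. It assumes the site's physical path is `C:\inetpub\wwwroot` and addresses one common cause of this 404: IIS does not serve files without an extension unless a MIME type is mapped for them. The random probe name and body are constructed so that a match also confirms port 80 is forwarded to this server and not another one.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell on the IIS server.
param(
    [string]$WebRoot  = 'C:\inetpub\wwwroot',   # assumption: physical path of the site
    [string]$HostName = 'sms.tstvconnect.com'   # domain from the post
)

$dir = Join-Path $WebRoot '.well-known\acme-challenge'
New-Item -ItemType Directory -Path $dir -Force | Out-Null

# IIS answers 404 for files without an extension unless a MIME type is mapped for ".".
# An existing web.config in the challenge folder is left untouched.
$cfgPath = Join-Path $dir 'web.config'
if (-not (Test-Path $cfgPath)) {
    @'
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <staticContent>
      <remove fileExtension="." />
      <mimeMap fileExtension="." mimeType="text/plain" />
    </staticContent>
  </system.webServer>
</configuration>
'@ | Set-Content -Path $cfgPath -Encoding UTF8
}

# Constructed probe: random name and body, so a match proves THIS server answered.
$token = 'probe-' + [guid]::NewGuid().ToString('N')
$body  = 'probe-' + [guid]::NewGuid().ToString('N')
$file  = Join-Path $dir $token
Set-Content -Path $file -Value $body -NoNewline -Encoding ASCII

$url = "http://$HostName/.well-known/acme-challenge/$token"
try {
    $resp = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 15
    if ("$($resp.Content)".Trim() -eq $body) {
        Write-Output "OK: $url served the probe file from this server."
    } else {
        Write-Output "MISMATCH: HTTP $($resp.StatusCode) with different content; port 80 may be forwarded to another host."
    }
} catch {
    # Non-2xx responses (such as the 404 in the post) and connection failures land here.
    Write-Output "FAIL: $url -> $($_.Exception.Message)"
} finally {
    Remove-Item -Path $file -ErrorAction SilentlyContinue
}
```

If the router does not support NAT loopback, the request to the public name can fail from inside the LAN even when outside access works; in that case, fetch the probe URL from an external host before the script removes the file.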
