The script successfully places the verification files in the correct directory but fails with verification.
Domain verification results for 'mywebsite.com': error. Invalid response from http://mywebsite.com/.well-known/acme-challenge/DtIyGDuBkjuc8P3jHUHN9stmi7tksRnq1BGQXYIJcSg: "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Not Found</TITLE>
I am using IIS and I added a MIME type with file name extension as “.” and MIME type as “text/plain” omitting double quotes. When I use ZeroSSL’s free ssl certificate wizard tool, it works successfully.
I am stumped as to why it’s failing here but works successfully through the tool.
If the --path option in that script is similar to the -w option in Certbot, then it doesn’t want you to add .well-known/acme-challenge at the end because it will add that for itself. In that case, it would expect you to supply just --path C:/inetpub/wwwroot/mywebsite without the .well-known/acme-challenge part. The idea is that the option specifies the web root directory, rather than specifying the ACME challenge directory.
The --path option specifies the absolute path to save the challenge files to. If I remove the /.well-known/acme-challenge then the files will be saved in the webroot directory. I appreciate the input though.
OK, you said it worked with ZeroSSL—with ZeroSSL, did you also place a challenge file in C:/inetpub/wwwroot/mywebsite/.well-known/acme-challenge and then were you able to access that challenge file in a web browser?
Yes, the tool on ZeroSSL generates the challenge files which I downloaded and placed into the directory. I then was able to access it through a web browser. The tool generates a CSR of 4096 encoded bits and an account key for LE of 2048 encoded bits. Then the challenge files are generated which are used to prove ownership of the domain. Then the domain certificate and domain key are generated which are used to issue the SSL certificate.
Yes, I see the files created and I am able to open them and view the contents. Unfortunately, I am not sure if I have that record. This is the first time I am touching this server I am working on.
There is no need to hide your domain; you posted it in another thread.
As you are not using the --unlink parameter in your command, the challenge file should be there. Do you have any file in C:/inetpub/wwwroot/mywebsite/.well-known/acme-challenge/?
And could you please create a test file so we can try to reach it?
I was able to access it yesterday, but when I just tried I received the same 404 error as the challenge files.
My directory permissions should not be preventing access to the test file.
Anyway, you should review your web server config because I can't reach that file either:
$ curl -ikL http://mollyandbanditpetparty.com/.well-known/acme-challenge/test.txt
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Wed, 16 May 2018 17:35:23 GMT
Connection: close
Content-Length: 315
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Not Found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Not Found</h2>
<hr><p>HTTP Error 404. The requested resource is not found.</p>
</BODY></HTML>
That is the server answering on port 80. I don't know whether it acts as a proxy for IIS or the web server you are using, so take a look at that, because maybe you should disable that service, configure it, whatever. I don't use Windows web servers...
I changed the IP address of the website and that resolved the issue. I am unsure what happened, but it was something with the IP address that the website was bound to. I am now able to verify successfully. I appreciate the help from both.
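Added example (not part of the original thread): a pre-flight check that reads the `Server` header of a challenge-URL response to tell a 404 produced by HTTP.sys, meaning no IIS site binding matched the request, from a 404 produced by the IIS site itself. The sample responses, the thumbprint placeholder and the result labels are constructed for illustration.

```python
# Added example: classify an HTTP-01 pre-flight response from a Windows host.
# Sample responses and the account thumbprint below are constructed.

TOKEN = "DtIyGDuBkjuc8P3jHUHN9stmi7tksRnq1BGQXYIJcSg"  # token shown in the thread
KEY_AUTH = TOKEN + ".EXAMPLE-ACCOUNT-THUMBPRINT"       # placeholder thumbprint

def parse_response(raw):
    """Split `curl -i` style text into (status, lowercase headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body

def diagnose(raw, expected=KEY_AUTH):
    """Return a label saying which layer answered and whether the body is right."""
    status, headers, body = parse_response(raw)
    server = headers.get("server", "")
    if status == 404 and server.startswith("Microsoft-HTTPAPI"):
        # HTTP.sys answered by itself: no site binding (IP, port, host name)
        # matched the request, so IIS never looked for the file.
        return "no-matching-binding"
    if status == 404:
        # A site handled the request but did not serve the file: wrong
        # directory, or an extensionless file without a MIME mapping.
        return "site-reached-file-not-served"
    if status == 200:
        return "ok" if body.strip() == expected else "wrong-content"
    return "unexpected-status-%d" % status

HTTPSYS_404 = ("HTTP/1.1 404 Not Found\n"
               "Content-Type: text/html; charset=us-ascii\n"
               "Server: Microsoft-HTTPAPI/2.0\n\n"
               "<h2>Not Found</h2>")
IIS_404 = ("HTTP/1.1 404 Not Found\n"
           "Content-Type: text/html\n"
           "Server: Microsoft-IIS/10.0\n\n"
           "404 - File or directory not found.")
OK_200 = ("HTTP/1.1 200 OK\n"
          "Content-Type: text/plain\n"
          "Server: Microsoft-IIS/10.0\n\n" + KEY_AUTH + "\n")

if __name__ == "__main__":
    for name, raw in (("http.sys", HTTPSYS_404), ("iis", IIS_404), ("ok", OK_200)):
        print(name, "->", diagnose(raw))
```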