Let’s Encrypt Validation win-acme. Invalid responses

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: anthoneygray.ca

I ran this command: Win-acme

It produced this output: 2025-04-01 16:31:15.680 -04:00 [INF] [Progress] All Tests Completed OK
2025-04-01 16:31:33.586 -04:00 [INF] ---- Beginning Request [anthoneyfray.ca] ----
2025-04-01 16:31:33.586 -04:00 [INF] Renewal Reason: Certificate has not yet been successfully requested, so a renewal attempt is required.
2025-04-01 16:31:33.586 -04:00 [INF] Certify/6.1.4.0 (Windows; Microsoft Windows NT 10.0.19045.0)
2025-04-01 16:31:33.587 -04:00 [INF] Beginning certificate request process: anthoneyfray.ca using ACME provider Anvil
2025-04-01 16:31:33.587 -04:00 [INF] The selected Certificate Authority is: Let's Encrypt
2025-04-01 16:31:33.591 -04:00 [INF] Requested identifiers to include on certificate: anthoneyfray.ca
2025-04-01 16:31:36.041 -04:00 [INF] Created ACME Order: https://acme-v02.api.letsencrypt.org/acme/order/2314166547/369719097187
2025-04-01 16:31:38.337 -04:00 [INF] Got http-01 challenge https://acme-v02.api.letsencrypt.org/acme/chall/2314166547/498946260327/bKHrKg
2025-04-01 16:31:38.613 -04:00 [INF] Got dns-01 challenge https://acme-v02.api.letsencrypt.org/acme/chall/2314166547/498946260327/v1T95Q
2025-04-01 16:31:46.484 -04:00 [INF] Http Challenge Server process available.
2025-04-01 16:31:46.484 -04:00 [INF] Preparing automated challenge responses for: anthoneyfray.ca
2025-04-01 16:31:46.485 -04:00 [INF] Preparing challenge response for the issuing Certificate Authority to check at: http://anthoneyfray.ca/.well-known/acme-challenge/KqKjHXtoqXoFYdxJ2Oa5z8bRV1_DtV_gSFJxuGNf7PU with content KqKjHXtoqXoFYdxJ2Oa5z8bRV1_DtV_gSFJxuGNf7PU.CvQXAfuYa2LMhUZaBsyKmGhVEmq2gd5mNo8GL3rSIuY
2025-04-01 16:31:46.485 -04:00 [INF] If the challenge response file is not accessible at this exact URL the validation will fail and a certificate will not be issued.
2025-04-01 16:31:46.522 -04:00 [INF] Using website path C:\inetpub\wwwroot
2025-04-01 16:31:46.523 -04:00 [INF] Checking URL is accessible: http://anthoneyfray.ca/.well-known/acme-challenge/KqKjHXtoqXoFYdxJ2Oa5z8bRV1_DtV_gSFJxuGNf7PU [proxyAPI: True, timeout: 5000ms]
2025-04-01 16:31:46.670 -04:00 [INF] URL is accessible. Check passed.
2025-04-01 16:31:46.670 -04:00 [INF] Resuming certificate request using CA: Let's Encrypt
2025-04-01 16:31:46.670 -04:00 [INF] Attempting challenge response validation for: anthoneyfray.ca
2025-04-01 16:31:46.672 -04:00 [INF] [Progress] Checking automated challenge response for: anthoneyfray.ca
2025-04-01 16:31:46.673 -04:00 [INF] Submitting challenge for validation: anthoneyfray.ca http://anthoneyfray.ca/.well-known/acme-challenge/KqKjHXtoqXoFYdxJ2Oa5z8bRV1_DtV_gSFJxuGNf7PU
2025-04-01 16:31:51.578 -04:00 [ERR] [Progress] Validation failed: anthoneyfray.ca
Response from Certificate Authority: 35.209.14.221: Invalid response from http://anthoneyfray.ca/.well-known/acme-challenge/KqKjHXtoqXoFYdxJ2Oa5z8bRV1_DtV_gSFJxuGNf7PU: 404 [Forbidden :: urn:ietf:params:acme:error:unauthorized]
2025-04-01 16:31:51.616 -04:00 [ERR] Validation of the required challenges did not complete successfully. Validation failed: anthoneyfray.ca
Response from Certificate Authority: 35.209.14.221: Invalid response from http://anthoneyfray.ca/.well-known/acme-challenge/KqKjHXtoqXoFYdxJ2Oa5z8bRV1_DtV_gSFJxuGNf7PU: 404 [Forbidden :: urn:ietf:params:acme:error:unauthorized]

My web server is (include version): My web server is IIS internet information services verson 10.0.19041.1

The operating system my web server runs on is (include version): Windows 10 Professional 64 bite.

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): I don't have a root shell.

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): (Am not using Certbot) I Am using Win-acme and Certify the web. Error>>>>>2025-04-01 16:31:15.680 -04:00 [INF] [Progress] All Tests Completed OK
2025-04-01 16:31:33.586 -04:00 [INF] ---- Beginning Request [anthoneyfray.ca] ----
2025-04-01 16:31:33.586 -04:00 [INF] Renewal Reason: Certificate has not yet been successfully requested, so a renewal attempt is required.
2025-04-01 16:31:33.586 -04:00 [INF] Certify/6.1.4.0 (Windows; Microsoft Windows NT 10.0.19045.0)
2025-04-01 16:31:33.587 -04:00 [INF] Beginning certificate request process: anthoneyfray.ca using ACME provider Anvil
2025-04-01 16:31:33.587 -04:00 [INF] The selected Certificate Authority is: Let's Encrypt
2025-04-01 16:31:33.591 -04:00 [INF] Requested identifiers to include on certificate: anthoneyfray.ca
2025-04-01 16:31:36.041 -04:00 [INF] Created ACME Order: https://acme-v02.api.letsencrypt.org/acme/order/2314166547/369719097187
2025-04-01 16:31:38.337 -04:00 [INF] Got http-01 challenge https://acme-v02.api.letsencrypt.org/acme/chall/2314166547/498946260327/bKHrKg
2025-04-01 16:31:38.613 -04:00 [INF] Got dns-01 challenge https://acme-v02.api.letsencrypt.org/acme/chall/2314166547/498946260327/v1T95Q
2025-04-01 16:31:46.484 -04:00 [INF] Http Challenge Server process available.
2025-04-01 16:31:46.484 -04:00 [INF] Preparing automated challenge responses for: anthoneyfray.ca
2025-04-01 16:31:46.485 -04:00 [INF] Preparing challenge response for the issuing Certificate Authority to check at: http://anthoneyfray.ca/.well-known/acme-challenge/KqKjHXtoqXoFYdxJ2Oa5z8bRV1_DtV_gSFJxuGNf7PU with content KqKjHXtoqXoFYdxJ2Oa5z8bRV1_DtV_gSFJxuGNf7PU.CvQXAfuYa2LMhUZaBsyKmGhVEmq2gd5mNo8GL3rSIuY
2025-04-01 16:31:46.485 -04:00 [INF] If the challenge response file is not accessible at this exact URL the validation will fail and a certificate will not be issued.
2025-04-01 16:31:46.522 -04:00 [INF] Using website path C:\inetpub\wwwroot
2025-04-01 16:31:46.523 -04:00 [INF] Checking URL is accessible: http://anthoneyfray.ca/.well-known/acme-challenge/KqKjHXtoqXoFYdxJ2Oa5z8bRV1_DtV_gSFJxuGNf7PU [proxyAPI: True, timeout: 5000ms]
2025-04-01 16:31:46.670 -04:00 [INF] URL is accessible. Check passed.
2025-04-01 16:31:46.670 -04:00 [INF] Resuming certificate request using CA: Let's Encrypt
2025-04-01 16:31:46.670 -04:00 [INF] Attempting challenge response validation for: anthoneyfray.ca
2025-04-01 16:31:46.672 -04:00 [INF] [Progress] Checking automated challenge response for: anthoneyfray.ca
2025-04-01 16:31:46.673 -04:00 [INF] Submitting challenge for validation: anthoneyfray.ca http://anthoneyfray.ca/.well-known/acme-challenge/KqKjHXtoqXoFYdxJ2Oa5z8bRV1_DtV_gSFJxuGNf7PU
2025-04-01 16:31:51.578 -04:00 [ERR] [Progress] Validation failed: anthoneyfray.ca
Response from Certificate Authority: 35.209.14.221: Invalid response from http://anthoneyfray.ca/.well-known/acme-challenge/KqKjHXtoqXoFYdxJ2Oa5z8bRV1_DtV_gSFJxuGNf7PU: 404 [Forbidden :: urn:ietf:params:acme:error:unauthorized]
2025-04-01 16:31:51.616 -04:00 [ERR] Validation of the required challenges did not complete successfully. Validation failed: anthoneyfray.ca
Response from Certificate Authority: 35.209.14.221: Invalid response from http://anthoneyfray.ca/.well-known/acme-challenge/KqKjHXtoqXoFYdxJ2Oa5z8bRV1_DtV_gSFJxuGNf7PU: 404 [Forbidden :: urn:ietf:params:acme:error:unauthorized]

Hello @Cobra,

Which domain name is the correctly spelled one?

anthoneyfray.ca

And that is the correct path? (I'm grasping at straws).

Visited that site: server replied it's running on nginx: do you have any knowledge about it?

@Cobra Your log file is from using Certify The Web - Certify Certificate Manager which is a Windows desktop app with a GUI https://certifytheweb.com/ - which I work on. Win-acme is very different command line app: https://www.win-acme.com/

Your domain validation is failing because your domain is currently served by an nginx web server (running wordpress) but you are running Certify on a (different?) windows machine running the IIS web server. The app needs to run on the same machine that is serving the website for HTTP domain validation to work. I can't tell if your wordpress site is running or linux or windows.

I suspect your wordpress site is hosted on Google Cloud, probably on a linux based virtual machine but your are trying to use your own windows deksotp to get a certificate. To get certs for your website you need to run an ACME tool on that server, if linux that's usually something like certbot on that machine, or use Wordpress to get an automatic certificate (if it has that functionality/plugin)

Please can you also confirm if the domain is supposed to be anthoneygray.ca or anthoneyfray.ca because your post mentions both and you could just have a domain typo.

Thanks I was thinking the same thing, that maybe I would have to install and run the WordPress Hosted Platform On My Desktop but wasn't sure so I didn't dear to I'll try it and if it work I'll let you know Thanks webprofusion.

Yes Cobra That is the correct path and I have no idea the server was running on nginx I don't even know what nginx is am going to look it up.
Thanks Cobra.