Let's Encrypt throwing error 'Cached order has status invalid' for IIS Server

I am getting an error while creating a Let's Encrypt SSL certificate for my domain app.mysite.io using win-acme (wacs).
I am using an IIS server for deployments and bindings.

The domain is already pointed to my server and the ping is also successful.

When I try to create the Let's Encrypt SSL certificate, I get the "Cached order has status invalid" error.

Port 80 and port 443 are enabled in the firewall as well.

Additionally, I have successfully created SSL certificates before on the same machine using the same method, and they were successful.

These domains of mine are working fine with SSL enabled:

Moreover, I am facing this issue not just with the app.mysite.io domain but also with any other new domain, like app.mysite.biz.

The essential part of the error is "Timeout during connect"

I assume portal.mysite.io is not your actual domain name so there is not much we can do to help debug this.

Try using https://letsdebug.net to test connection from the public internet. We'll need your actual domain name if you want help.

3 Likes

When you opened this thread in the Help section, you should have been provided with a questionnaire. Maybe you didn't get it somehow (which is weird), or you've decided to delete it. In any case, all the answers to this questionnaire are required:


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

1 Like

You can ignore this (win-acme error), that's just a warning. The actual problem is that your server is not properly responding to HTTP domain validation requests.

  • check your firewall allows incoming TCP port 80 requests (to any process)
  • check you don't have any geographic filtering or blocking; validation will come from many regions
  • double check your domain actually points to this server and there is no load balancing etc
  • try a reboot

To suggest more we would need to know your real domain name but "timeout during connect" literally means you are not allowing Let's Encrypt to connect.

3 Likes

Thank you for the response. These are the details:

My domain is:
insigniafleet.insigniabiz.com (Not Working)
or app.digitalrestaurant.io (Not Working)

I ran this command:
used win-acme (wacs) with staging service

It produced this output:

[app.digitalrestaurant.io] Authorization result: invalid
[app.digitalrestaurant.io] {"type":"urn:ietf:params:acme:error:connection","detail":"103.31.104.122: Fetching http://app.digitalrestaurant.io/.well-known/acme-challenge/2dpi97re9v5GvSiA-ja50EWdOe_gCjSW3Yh5hYq0oTE: Timeout during connect (likely firewall problem)","status":400,"instance":null}

My web server is (include version): IIS Server (IP: 103.31.104.122) version: 10.0.19041.1

The operating system my web server runs on is (include version): Windows 10 Pro (x64)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): no

Additionally, I have checked on SSL Server Test: insigniafleet.insigniabiz.com (Powered by Qualys SSL Labs), but it is showing a certificate mismatch with the domain apiportal.digitalfleets.io (also mine).
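
An added example, not part of any post in this thread: a small parser for the ACME problem line that win-acme printed above. It pulls out the error type, the IP address the validation server tried to reach and the challenge URL, then compares that IP with the server's own public address. The names `triage` and `expected_ip` are hypothetical, and the layout of the `detail` string is assumed from the one sample line in this thread.

```python
import json
import re

# Constructed input: the two output lines quoted in the post above.
SAMPLE_OUTPUT = '''[app.digitalrestaurant.io] Authorization result: invalid
[app.digitalrestaurant.io] {"type":"urn:ietf:params:acme:error:connection","detail":"103.31.104.122: Fetching http://app.digitalrestaurant.io/.well-known/acme-challenge/2dpi97re9v5GvSiA-ja50EWdOe_gCjSW3Yh5hYq0oTE: Timeout during connect (likely firewall problem)","status":400,"instance":null}
'''

# ACME error types (RFC 8555, section 6.7) mapped to the first thing to check.
HINTS = {
    "connection": "CA could not open a TCP connection: inbound port 80, geo-blocking, NAT or load balancer",
    "dns": "CA could not resolve the name: check the A/AAAA records",
    "unauthorized": "server answered with the wrong content: check which site serves /.well-known/acme-challenge/",
}

LINE_RE = re.compile(r"^\[(?P<host>[^\]]+)\]\s+(?P<json>\{.*\})\s*$")
# Assumed detail layout: "<ip>: Fetching <url>: <reason>"
DETAIL_RE = re.compile(r"^(?P<ip>[0-9a-fA-F.:]+): Fetching (?P<url>\S+): (?P<reason>.*)$")


def triage(output, expected_ip=None):
    """Return one finding per ACME problem document found in client output."""
    findings = []
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # status lines without a JSON problem document
        try:
            problem = json.loads(m.group("json"))
        except json.JSONDecodeError:
            continue
        kind = problem.get("type", "").rsplit(":", 1)[-1]
        d = DETAIL_RE.match(problem.get("detail", ""))
        ip = d.group("ip") if d else None
        findings.append({
            "host": m.group("host"),
            "kind": kind,
            "ip": ip,
            "url": d.group("url") if d else None,
            "hint": HINTS.get(kind, "see the detail text"),
            # True: DNS already points at this server, so look at the network path.
            "ip_matches": (ip == expected_ip) if ip and expected_ip else None,
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_OUTPUT, expected_ip="103.31.104.122"):
        print(f)
```

When `ip_matches` is true for a `connection` error, the DNS item on the checklist is already satisfied and the remaining suspects are on the path to port 80.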
