Let's Encrypt throwing error 'Cached order has status invalid' for IIS Server

I am getting an error while creating a Let's Encrypt SSL certificate for my domain app.mysite.io using win-acme (wacs).
I am using an IIS server for deployments and bindings.

The domain is already pointed to my server and the ping is also successful.

When I try to create the Let's Encrypt SSL certificate, I get the "Cached order has status invalid" error.

Port 80 and port 443 are enabled in the firewall as well.

Additionally, I have successfully created SSL certificates before on the same machine using the same method; they were successful.

These domains of mine are working fine with SSL enabled:

Moreover, I am facing this issue not just with the app.mysite.io domain but also with any other new domain, like app.mysite.biz.

The essential part of the error is "Timeout during connect"

I assume portal.mysite.io is not your actual domain name so there is not much we can do to help debug this.

Try using https://letsdebug.net to test connection from the public internet. We'll need your actual domain name if you want help.

3 Likes

When you opened this thread in the Help section, you should have been provided with a questionnaire. Maybe you didn't get it somehow (which is weird), or you've decided to delete it. In any case, all the answers to this questionnaire are required:


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

1 Like

You can ignore this (win-acme error), that's just a warning. The actual problem is that your server is not properly responding to HTTP domain validation requests.

  • check your firewall allows incoming TCP port 80 requests (to any process)
  • check you don't have any geographic filtering or blocking, validation will come from many regions
  • double check your domain actually points to this server and there is no load balancing etc
  • try a reboot

To suggest more we would need to know your real domain name but "timeout during connect" literally means you are not allowing Let's Encrypt to connect.

3 Likes

Thank you for the response; these are the details:

My domain is:
insigniafleet.insigniabiz.com (Not Working)
or app.digitalrestaurant.io (Not Working)

I ran this command:
used win-acme (wacs) with staging service

It produced this output:

[app.digitalrestaurant.io] Authorization result: invalid
[app.digitalrestaurant.io] {"type":"urn:ietf:params:acme:error:connection","detail":"103.31.104.122: Fetching http://app.digitalrestaurant.io/.well-known/acme-challenge/2dpi97re9v5GvSiA-ja50EWdOe_gCjSW3Yh5hYq0oTE: Timeout during connect (likely firewall problem)","status":400,"instance":null}

My web server is (include version): IIS Server (IP: 103.31.104.122) version: 10.0.19041.1

The operating system my web server runs on is (include version): Windows 10 Pro (x64)

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): no

Additionally, I have checked on SSL Server Test: insigniafleet.insigniabiz.com (Powered by Qualys SSL Labs), but it is showing a certificate mismatch with the domain apiportal.digitalfleets.io (also mine).

When I checked telnet to my site on port 80, the connection failed:

C:\Users\IBM User>telnet insigniafleet.insigniabiz.com 80       
Connecting To insigniafleet.insigniabiz.com...Could not open connection to the host, on port 80: Connect failed

I contacted my network service provider, and it turns out that they disabled port 80 on their side a few days ago for some reason (it was enabled before).

So now they are working on it, and it will soon be enabled.

Thank You All for your responses, it was helpful for me to identify the problem.

3 Likes
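A triage sketch for the error line posted above, added here as an example; it is not from any post in the thread and not part of win-acme. It parses the `[host] {problem JSON}` line and separates "the name resolves elsewhere" from "inbound port 80 is dropped before IIS", the two checks suggested in the replies. The detail layout, the finding names and the `expected_ip` parameter are assumptions.

```python
import json
import re
from urllib.parse import urlsplit

# Output line quoted in the thread above (win-acme, staging service).
SAMPLE = (
    '[app.digitalrestaurant.io] {"type":"urn:ietf:params:acme:error:connection",'
    '"detail":"103.31.104.122: Fetching http://app.digitalrestaurant.io/.well-known/'
    'acme-challenge/2dpi97re9v5GvSiA-ja50EWdOe_gCjSW3Yh5hYq0oTE: Timeout during connect '
    '(likely firewall problem)","status":400,"instance":null}'
)

LINE_RE = re.compile(r"^\[(?P<host>[^\]]+)\]\s+(?P<body>\{.*\})$")
# Assumed detail layout, taken from the one line in the thread: "<ip>: Fetching <url>: <reason>"
DETAIL_RE = re.compile(r"^(?P<ip>[0-9A-Fa-f.:]+): Fetching (?P<url>\S+): (?P<reason>.+)$")

# Hypothetical finding names, each mapped to the checks suggested in the thread.
ADVICE = {
    "port-80-unreachable": "inbound TCP 80 is dropped before IIS: host firewall, "
                           "geo-blocking, or the network provider",
    "dns-mismatch": "the name resolves to a different address than this server",
    "other": "not a connect timeout; read the detail text",
}

def triage(line, expected_ip):
    """Classify one '[host] {problem-json}' line; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        problem = json.loads(m.group("body"))
    except ValueError:
        return None
    kind = problem.get("type", "").rsplit(":", 1)[-1]  # e.g. "connection"
    d = DETAIL_RE.match(problem.get("detail") or "")
    ip = d.group("ip") if d else None
    url = urlsplit(d.group("url")) if d else None
    if ip and ip != expected_ip:
        finding = "dns-mismatch"
    elif kind == "connection" and d and "Timeout during connect" in d.group("reason"):
        finding = "port-80-unreachable"
    else:
        finding = "other"
    return {"host": m.group("host"), "kind": kind, "validated_ip": ip,
            "port": (url.port or 80) if url else None,
            "finding": finding, "advice": ADVICE[finding]}

if __name__ == "__main__":
    print(triage(SAMPLE, expected_ip="103.31.104.122"))
```

A successful ping and an open Windows firewall rule do not change the result here: the finding depends only on what the validation servers reported from outside.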
