Manual certbot will not verify

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:
admin.bunker15.com

I ran this command:
certbot certonly -d admin.bunker15.com --test-cert --manual

It produced this output:
Press Enter to Continue

Certbot failed to authenticate some domains (authenticator: manual). The Certifi
cate Authority reported these problems:
Domain: admin.bunker15.com
Type: connection
Detail: 45.34.164.42: Fetching http://admin.bunker15.com/.well-known/acme-challenge/qGMwd6JrpF9sL0YLy3DXcOhvrVU8qu259X_JgL9YPP4: Error getting validation data

Hint: The Certificate Authority failed to verify the manually created challenge
files. Ensure that you created these in the correct location.

←[31mSome challenges have failed.←[0m
Ask for help or search for solutions at https://community.letsencrypt.org. See t
he logfile C:\Certbot\log\letsencrypt.log or re-run Certbot with -v for more det
ails.

My web server is (include version):
IIS 8.5

The operating system my web server runs on is (include version):
Windows Server 2012 R2

My hosting provider, if applicable, is:
n/a

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.24.0

I go to the url:

http://admin.bunker15.com/.well-known/acme-challenge/qGMwd6JrpF9sL0YLy3DXcOhvrVU8qu259X_JgL9YPP4

and get a 200 OK with the correct response. Why is it failing to verify?

Thanks,

-Mike

Here is my log file from this attempt:
2022-05-14 12:19:49,377:DEBUG:certbot._internal.main:certbot version: 1.24.0
2022-05-14 12:19:49,377:DEBUG:certbot._internal.main:Location of certbot entry point: C:\Program Files (x86)\Certbot\bin\certbot.exe
2022-05-14 12:19:49,377:DEBUG:certbot._internal.main:Arguments: ['-d', 'admin.bunker15.com', '--test-cert', '--manual', '--preconfigured-renewal']
2022-05-14 12:19:49,377:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2022-05-14 12:19:49,377:DEBUG:certbot.compat.misc:Failed to set console mode
Traceback (most recent call last):
File "C:\Program Files (x86)\Certbot\pkgs\certbot\compat\misc.py", line 60, in prepare_virtual_console
h.SetConsoleMode(h.GetConsoleMode() | ENABLE_VIRTUAL_TERMINAL_PROCESSING)
pywintypes.error: (87, 'SetConsoleMode', 'The parameter is incorrect.')
2022-05-14 12:19:49,659:DEBUG:certbot._internal.log:Root logging level set at 30
2022-05-14 12:19:49,674:DEBUG:certbot._internal.plugins.selection:Requested authenticator manual and installer None
2022-05-14 12:19:49,690:DEBUG:certbot._internal.plugins.selection:Single candidate plugin: * manual
Description: Manual configuration or run your own shell scripts
Interfaces: Authenticator, Plugin
Entry point: manual = certbot._internal.plugins.manual:Authenticator
Initialized: <certbot._internal.plugins.manual.Authenticator object at 0x03DE7C58>
Prep: True
2022-05-14 12:19:49,690:DEBUG:certbot._internal.plugins.selection:Selected authenticator <certbot._internal.plugins.manual.Authenticator object at 0x03DE7C58> and installer None
2022-05-14 12:19:49,690:INFO:certbot._internal.plugins.selection:Plugins selected: Authenticator manual, Installer None
2022-05-14 12:19:49,768:DEBUG:certbot._internal.main:Picked account: <Account(RegistrationResource(body=Registration(key=None, contact=(), agreement=None, status=None, terms_of_service_agreed=None, only_return_existing=None, external_account_binding=None), uri='https://acme-staging-v02.api.letsencrypt.org/acme/acct/54136044', new_authzr_uri=None, terms_of_service=None), fd09ab87ef05cba948d46863ed72b135, Meta(creation_dt=datetime.datetime(2022, 5, 14, 17, 43, 5, tzinfo=), creation_host='WIN-5LL8KSFAF97.carsonholmes.com', register_to_eff=None))>
2022-05-14 12:19:49,784:DEBUG:acme.client:Sending GET request to https://acme-staging-v02.api.letsencrypt.org/directory.
2022-05-14 12:19:49,799:DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org:443
2022-05-14 12:19:49,877:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "GET /directory HTTP/1.1" 200 822
2022-05-14 12:19:49,877:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 14 May 2022 19:20:21 GMT
Content-Type: application/json
Content-Length: 822
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"3739CNwz4-g": "Adding random entries to the directory",
"keyChange": "https://acme-staging-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "Staging Environment - Let's Encrypt"
},
"newAccount": "https://acme-staging-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-staging-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-staging-v02.api.letsencrypt.org/get/draft-aaron-ari/renewalInfo/",
"revokeCert": "https://acme-staging-v02.api.letsencrypt.org/acme/revoke-cert"
}
2022-05-14 12:19:49,909:DEBUG:certbot._internal.display.obj:Notifying user: Requesting a certificate for admin.bunker15.com
2022-05-14 12:19:52,174:DEBUG:certbot.crypto_util:Generating RSA key (2048 bits): C:\Certbot\keys\0045_key-certbot.pem
2022-05-14 12:19:52,237:DEBUG:certbot.crypto_util:Creating CSR: C:\Certbot\csr\0045_csr-certbot.pem
2022-05-14 12:19:52,237:DEBUG:acme.client:Requesting fresh nonce
2022-05-14 12:19:52,237:DEBUG:acme.client:Sending HEAD request to https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce.
2022-05-14 12:19:52,268:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "HEAD /acme/new-nonce HTTP/1.1" 200 0
2022-05-14 12:19:52,268:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 14 May 2022 19:20:23 GMT
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0002WjAMgp_cJTXIZMKF8YB3UlnhYZc5RHNhu6zYcjYyk5Q
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

2022-05-14 12:19:52,268:DEBUG:acme.client:Storing nonce: 0002WjAMgp_cJTXIZMKF8YB3UlnhYZc5RHNhu6zYcjYyk5Q
2022-05-14 12:19:52,268:DEBUG:acme.client:JWS payload:
b'{\n "identifiers": [\n {\n "type": "dns",\n "value": "admin.bunker15.com"\n }\n ]\n}'
2022-05-14 12:19:52,284:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/new-order:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC81NDEzNjA0NCIsICJub25jZSI6ICIwMDAyV2pBTWdwX2NKVFhJWk1LRjhZQjNVbG5oWVpjNVJITmh1NnpZY2pZeWs1USIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9uZXctb3JkZXIifQ",
"signature": "av3rMwoVEcb_kVrHgRJYdL2BQJrYZNbzhcaxfOj9ukj-Wi1T9l_BMH1BYVNyZXAosRwyBdKHRVR0x_9-m41I1qVBRTOcOJ8FHgOweDyisAO0IuC7_dw8wFgDR1OFx2vJs94vYU1cNJPeObnd_3qYklszdsikFxrbSDEazZgQ1OFlo9_3OGtWPXSK4pvPF_GzJ1je5kUOiiGI1US5FQjOwMaKt0SjNq2o9VaSCLXJXHliJUNOYXCphVjPUAFfM5jsw3vQiZ-HFJJ-FteOtsSNvivAQobSJTU6Pc2dLTeSGDhYa7axL2jLkZofs3UCId5tefGH8oJaJNr72IronvBXjA",
"payload": "ewogICJpZGVudGlmaWVycyI6IFsKICAgIHsKICAgICAgInR5cGUiOiAiZG5zIiwKICAgICAgInZhbHVlIjogImFkbWluLmJ1bmtlcjE1LmNvbSIKICAgIH0KICBdCn0"
}
2022-05-14 12:19:52,346:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/new-order HTTP/1.1" 201 354
2022-05-14 12:19:52,346:DEBUG:acme.client:Received response:
HTTP 201
Server: nginx
Date: Sat, 14 May 2022 19:20:23 GMT
Content-Type: application/json
Content-Length: 354
Connection: keep-alive
Boulder-Requester: 54136044
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/order/54136044/2577625664
Replay-Nonce: 0002NgNVERIt59kfCNUD4Di3t0wFaSAOjo--LoRGazx93sE
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"status": "pending",
"expires": "2022-05-21T19:20:23Z",
"identifiers": [
{
"type": "dns",
"value": "admin.bunker15.com"
}
],
"authorizations": [
"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/2446728194"
],
"finalize": "https://acme-staging-v02.api.letsencrypt.org/acme/finalize/54136044/2577625664"
}
2022-05-14 12:19:52,346:DEBUG:acme.client:Storing nonce: 0002NgNVERIt59kfCNUD4Di3t0wFaSAOjo--LoRGazx93sE
2022-05-14 12:19:52,346:DEBUG:acme.client:JWS payload:
b''
2022-05-14 12:19:52,362:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/2446728194:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC81NDEzNjA0NCIsICJub25jZSI6ICIwMDAyTmdOVkVSSXQ1OWtmQ05VRDREaTN0MHdGYVNBT2pvLS1Mb1JHYXp4OTNzRSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yNDQ2NzI4MTk0In0",
"signature": "chu8j5pFEZeQisgYxrPA8G6w_M6TQyGQz-wPyhrrLkqOw0y4AQ52v-gZ49Me4JlPrZ1q7SQhUOIyR15-4F9ab8obPTcjmyfrhZyUWpauH9S4TZWUjgFpdTIT2hhbUKe6oojy2P0c0_4BviNNtyxh8vHoUGRF9v22gv5EHUl0MBnkKDIoYDNQvE9OKUhiyjaIE7ZaIuPsr1mKjVkg_iIAT6tv-8wiWyNwLKrmvZnuf74BffAhpNu3jQsuIcgUjIxZhAoAMOz4P3QjgpcFoGHsDnchfOFCHyEDJcpgMWyyz6ZDOVQKfIMY51uXpdllfDt93qxKvBuJBM5PVRW5RYrRfA",
"payload": ""
}
2022-05-14 12:19:52,393:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/2446728194 HTTP/1.1" 200 820
2022-05-14 12:19:52,393:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 14 May 2022 19:20:23 GMT
Content-Type: application/json
Content-Length: 820
Connection: keep-alive
Boulder-Requester: 54136044
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0001awoFYAO3Rt4hyZGbTqEFl_wBQ2N3AGLK8qf3gqcoc-A
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "admin.bunker15.com"
},
"status": "pending",
"expires": "2022-05-21T19:20:23Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/2446728194/-Ff4xQ",
"token": "qGMwd6JrpF9sL0YLy3DXcOhvrVU8qu259X_JgL9YPP4"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/2446728194/UulZQA",
"token": "qGMwd6JrpF9sL0YLy3DXcOhvrVU8qu259X_JgL9YPP4"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/2446728194/WqDeCA",
"token": "qGMwd6JrpF9sL0YLy3DXcOhvrVU8qu259X_JgL9YPP4"
}
]
}
2022-05-14 12:19:52,393:DEBUG:acme.client:Storing nonce: 0001awoFYAO3Rt4hyZGbTqEFl_wBQ2N3AGLK8qf3gqcoc-A
2022-05-14 12:19:52,393:INFO:certbot._internal.auth_handler:Performing the following challenges:
2022-05-14 12:19:52,393:INFO:certbot._internal.auth_handler:http-01 challenge for admin.bunker15.com
2022-05-14 12:19:52,393:DEBUG:certbot._internal.display.obj:Notifying user: Create a file containing just this data:

qGMwd6JrpF9sL0YLy3DXcOhvrVU8qu259X_JgL9YPP4.J8E1r-Znt9AuWLT8Cbs-X6Md7e2olCYbgZ52h1R73GQ

And make it available on your web server at this URL:

http://admin.bunker15.com/.well-known/acme-challenge/qGMwd6JrpF9sL0YLy3DXcOhvrVU8qu259X_JgL9YPP4

2022-05-14 12:26:24,056:DEBUG:acme.client:JWS payload:
b'{}'
2022-05-14 12:26:24,072:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/2446728194/-Ff4xQ:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC81NDEzNjA0NCIsICJub25jZSI6ICIwMDAxYXdvRllBTzNSdDRoeVpHYlRxRUZsX3dCUTJOM0FHTEs4cWYzZ3Fjb2MtQSIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9jaGFsbC12My8yNDQ2NzI4MTk0Ly1GZjR4USJ9",
"signature": "qrbSq79cc6uZk_PvhdasJ0tQ-kHFAs460uIwSwNagt4xVjiSOGqv4GaLGxH04BnI90ZSvuYpIqKWGYac9oPLOa0THmQK6qgHob4_iNa85rSt_zYpEYZyfRxjGLSskw4i610iPiPgUJsiOvurWnm9cwKIOp0DEbL_gxcAgBN5I3Ymf6jsHEgKU2FgiZWufSbzU2UYQfoshvjpqIYTqToIDYtmVG-sstbhDL-3GlPUdSXwnJwcVppe_FzqZRji0DF7SBBu0VQIsprtcnnOLCzf9n4oMeiyjxqhW8Q16NtsLa_taifDMjFj1TKCF6asBXXXLmwdtjmp3wamLwXv9giLIQ",
"payload": "e30"
}
2022-05-14 12:26:24,088:DEBUG:urllib3.connectionpool:Resetting dropped connection: acme-staging-v02.api.letsencrypt.org
2022-05-14 12:26:24,166:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/chall-v3/2446728194/-Ff4xQ HTTP/1.1" 200 193
2022-05-14 12:26:24,181:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 14 May 2022 19:26:55 GMT
Content-Type: application/json
Content-Length: 193
Connection: keep-alive
Boulder-Requester: 54136044
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index", https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/2446728194;rel="up"
Location: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/2446728194/-Ff4xQ
Replay-Nonce: 00022pEopFdtQzUf3MdDgdqWbOMSRxLIPk4ifYCwLSp3Kp4
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"type": "http-01",
"status": "pending",
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/2446728194/-Ff4xQ",
"token": "qGMwd6JrpF9sL0YLy3DXcOhvrVU8qu259X_JgL9YPP4"
}
2022-05-14 12:26:24,181:DEBUG:acme.client:Storing nonce: 00022pEopFdtQzUf3MdDgdqWbOMSRxLIPk4ifYCwLSp3Kp4
2022-05-14 12:26:24,181:INFO:certbot._internal.auth_handler:Waiting for verification...
2022-05-14 12:26:25,197:DEBUG:acme.client:JWS payload:
b''
2022-05-14 12:26:25,197:DEBUG:acme.client:Sending POST request to https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/2446728194:
{
"protected": "eyJhbGciOiAiUlMyNTYiLCAia2lkIjogImh0dHBzOi8vYWNtZS1zdGFnaW5nLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC81NDEzNjA0NCIsICJub25jZSI6ICIwMDAyMnBFb3BGZHRRelVmM01kRGdkcVdiT01TUnhMSVBrNGlmWUN3TFNwM0twNCIsICJ1cmwiOiAiaHR0cHM6Ly9hY21lLXN0YWdpbmctdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hdXRoei12My8yNDQ2NzI4MTk0In0",
"signature": "Q0ZyPP5LOc-U8r51jc8fR8mCAelfm_uREWU4Zo91dwqjPNLxRYW_3dFq-5i4cVfGnIO8ORoBzLvI3_Q0TpjsnOd5oA9dDjG0C2xaQEXh4uE0NivInUMv0Wn8hGM4lCCeXSaka8DgeEh6SVua1RQaf_LOR3JyfyGremWZHzxhd2x7wnPPGn12T5Nd9ZC3ExR49D5_i1nqdY08zV_ElZwP4WsPa5KR9SIA7DpE5hNyjnrfvHBXaP7i4Z86TSiyWkKCpK-Z2CJkYJOo-PVRPqYW2mvL1mgF9XVs-FE_4JVQCtpvGSCa1QI2xUuIl9VsBZ3Z__VI785u_Zlmzd5614pAbw",
"payload": ""
}
2022-05-14 12:26:25,228:DEBUG:urllib3.connectionpool:https://acme-staging-v02.api.letsencrypt.org:443 "POST /acme/authz-v3/2446728194 HTTP/1.1" 200 1054
2022-05-14 12:26:25,228:DEBUG:acme.client:Received response:
HTTP 200
Server: nginx
Date: Sat, 14 May 2022 19:26:56 GMT
Content-Type: application/json
Content-Length: 1054
Connection: keep-alive
Boulder-Requester: 54136044
Cache-Control: public, max-age=0, no-cache
Link: https://acme-staging-v02.api.letsencrypt.org/directory;rel="index"
Replay-Nonce: 0001fInVBsgLMATYbXB4dCqtoOsYgCIr5fiYXtx_YJ6ZNyY
X-Frame-Options: DENY
Strict-Transport-Security: max-age=604800

{
"identifier": {
"type": "dns",
"value": "admin.bunker15.com"
},
"status": "invalid",
"expires": "2022-05-21T19:20:23Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:connection",
"detail": "45.34.164.42: Fetching http://admin.bunker15.com/.well-known/acme-challenge/qGMwd6JrpF9sL0YLy3DXcOhvrVU8qu259X_JgL9YPP4: Error getting validation data",
"status": 400
},
"url": "https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/2446728194/-Ff4xQ",
"token": "qGMwd6JrpF9sL0YLy3DXcOhvrVU8qu259X_JgL9YPP4",
"validationRecord": [
{
"url": "http://admin.bunker15.com/.well-known/acme-challenge/qGMwd6JrpF9sL0YLy3DXcOhvrVU8qu259X_JgL9YPP4",
"hostname": "admin.bunker15.com",
"port": "80",
"addressesResolved": [
"45.34.164.42"
],
"addressUsed": "45.34.164.42"
}
],
"validated": "2022-05-14T19:26:55Z"
}
]
}
2022-05-14 12:26:25,228:DEBUG:acme.client:Storing nonce: 0001fInVBsgLMATYbXB4dCqtoOsYgCIr5fiYXtx_YJ6ZNyY
2022-05-14 12:26:25,228:INFO:certbot._internal.auth_handler:Challenge failed for domain admin.bunker15.com
2022-05-14 12:26:25,228:INFO:certbot._internal.auth_handler:http-01 challenge for admin.bunker15.com
2022-05-14 12:26:25,228:DEBUG:certbot._internal.display.obj:Notifying user:
Certbot failed to authenticate some domains (authenticator: manual). The Certificate Authority reported these problems:
Domain: admin.bunker15.com
Type: connection
Detail: 45.34.164.42: Fetching http://admin.bunker15.com/.well-known/acme-challenge/qGMwd6JrpF9sL0YLy3DXcOhvrVU8qu259X_JgL9YPP4: Error getting validation data

Hint: The Certificate Authority failed to verify the manually created challenge files. Ensure that you created these in the correct location.

2022-05-14 12:26:25,244:DEBUG:certbot._internal.error_handler:Encountered exception:
Traceback (most recent call last):
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\auth_handler.py", line 106, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\auth_handler.py", line 206, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.

2022-05-14 12:26:25,244:DEBUG:certbot._internal.error_handler:Calling registered functions
2022-05-14 12:26:25,244:INFO:certbot._internal.auth_handler:Cleaning up challenges
2022-05-14 12:26:25,244:DEBUG:certbot._internal.log:Exiting abnormally:
Traceback (most recent call last):
File "runpy.py", line 197, in _run_module_as_main
File "runpy.py", line 87, in run_code
File "C:\Program Files (x86)\Certbot\bin\certbot.exe_main
.py", line 29, in
sys.exit(main())
File "C:\Program Files (x86)\Certbot\pkgs\certbot\main.py", line 19, in main
return internal_main.main(cli_args)
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\main.py", line 1679, in main
return config.func(config, plugins)
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\main.py", line 1538, in certonly
lineage = _get_and_save_cert(le_client, config, domains, certname, lineage)
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\main.py", line 139, in _get_and_save_cert
lineage = le_client.obtain_and_enroll_certificate(domains, certname)
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\client.py", line 513, in obtain_and_enroll_certificate
cert, chain, key, _ = self.obtain_certificate(domains)
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\client.py", line 441, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\client.py", line 493, in _get_order_and_authorizations
authzr = self.auth_handler.handle_authorizations(orderr, self.config, best_effort)
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\auth_handler.py", line 106, in handle_authorizations
self._poll_authorizations(authzrs, max_retries, best_effort)
File "C:\Program Files (x86)\Certbot\pkgs\certbot_internal\auth_handler.py", line 206, in _poll_authorizations
raise errors.AuthorizationError('Some challenges have failed.')
certbot.errors.AuthorizationError: Some challenges have failed.
2022-05-14 12:26:25,244:ERROR:certbot._internal.log:Some challenges have failed.

Hi @Decker97, and welcome to the LE community forum :slight_smile:

I'm not an expert with IIS, but something is definitely strange about the response.
Notice the how different the responses are to the following:

Simple request returns the expected:

curl http://admin.bunker15.com/.well-known/acme-challenge/qGMwd6JrpF9sL0YLy3DXcOhvrVU8qu259X_JgL9YPP4
qGMwd6JrpF9sL0YLy3DXcOhvrVU8qu259X_JgL9YPP4.J8E1r-Znt9AuWLT8Cbs-X6Md7e2olCYbgZ52h1R73GQ

HEAD request returns a 302 redirection (with needless port 443 added - and path slashes are non HTML style):

curl -Ii http://admin.bunker15.com/.well-known/acme-challenge/qGMwd6JrpF9sL0YLy3DXcOhvrVU8qu259X_JgL9YPP4
HTTP/1.1 302 Found
Location: https://admin.bunker15.com:443\.well-known\acme-challenge\qGMwd6JrpF9sL0YLy3DXcOhvrVU8qu259X_JgL9YPP4
Date: Sat, 14 May 2022 21:25:09 GMT
Connection: keep-alive
Keep-Alive: timeout=5

I wonder what using different --user-agent would do...

2 Likes

Yeah, it seems like that redirection could potentially cause the "error getting validation data" error (although I haven't checked in the Boulder code). That is considered an invalid URL, so it's very possible that a client (like the Let's Encrypt validator) might not be willing to follow it!

Nice catch, @rg305!

@Decker97, can you make the HTTP to HTTPS redirection generate web-style paths with forward slashes instead of backslashes?

3 Likes

Yes, I was using Redbird as a reverse proxy. When I removed the HTTPS redirect, the validation worked.