New Cert Error - Invalid response from domain

I wonder if I am getting an error for one of the following reasons: 1.) I previously created my own CA and self-signed certificate; 2.) It considers the webserver I'm using to connect to the web, not me as a webserver; 3.) My server wont respond because there is no https yet; or, 4.) I accidentally deleted the DNS I established first and had to recreate it.

My (DNS) domain is: www.chickenForest1.com

I ran this command:
Binding identifiers(s) or menu option: A

It produced this output:
1: www.chickenforest1.com:9000 (Site 2, http)

Continue with this selection? (y*/n) - yes

Source generated using plugin IIS: www.chickenforest1.com

Plugin IIS generated source www.chickenforest1.com with 1 identifiers

Plugin Single created 1 order

Cached order has status invalid, discarding
[www.chickenforest1.com] Authorizing...
[www.chickenforest1.com] Authorizing using http-01 validation (SelfHosting)
[www.chickenforest1.com] Authorization result: invalid
[www.chickenforest1.com] {"type":"urn:ietf:params:acme:error:unauthorized","detail":"91.195.240.19: Invalid response from chickenforest1.com - chickenforest1 Resources and Information. \u0022\u003C!DOCTYPE html\u003E\u003Chtml lang=\\u0022en\\u0022 data-adblockkey=M...2","status":403,"instance":null}
[www.chickenforest1.com] Deactivating pending authorization

My web server is (include version): MS Server 2022 iis, Microsoft Windows [Version 10.0.20348.2227]

The operating system my web server runs on is (include version): Windows Server 2022 Standard Evaluation version 21H2, OS Build 20348.2227

My hosting provider, if applicable, is: Unknown. I hope to run offline and just hooked up to the interweb to get the security credentials I need.

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): na, do I have to run certbot on the client prior to running winAcme?

No, not any of those :slight_smile:

winacme requests a cert as the ACME Client but the Let's Encrypt ACME Servers make an HTTP request (port 80) to that domain. They expect to see the challenge token placed on your server by winacme.

Right now your public DNS points to an NginX server (not IIS). And, it is not replying with that token. It looks like some sort of parking page to me.

An ACME HTTP Challenge must use port 80. More about challenges here

3 Likes

Winacme is your client. Certbot is a different ACME client and is just used as an example. Thus the answer to this question is your winacmes version.

2 Likes

Maybe this should be reversed:
(e.g. output of certbot --version or certbot-auto --version if you're using Certbot)

As:
(e.g. if you're using Certbot, then show the output of certbot --version or certbot-auto --version)

1 Like

Get your site working via http first - check it from your phone data not wifi etc. The domain you supplied is currently a namecheap domain parking site which you don't control, unless you work for namecheap.

If the domain works for you check if you have a hosts file entry overriding the public IP for that domain on your machine.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.