Hi all,
On 30/12/21 our combined SSL certificate for 30+ domains expired. There are about 30 domains within the same application, all pointing to the same IP address (52.151.81.36), but one of them always fails to generate. When I'm in luck and repeat the process, it may potentially generate on the 3rd/4th attempt, which was the case a few times over the last year or so. We've had this domain for 3 years; potentially it could have started happening when we switched the generating tool from X3 to R3, but maybe even before, I'm not sure.
Today, I'm not in luck: it simply won't generate it even on the 5th attempt, and due to too many failures it'll kick me out for one hour (due to rate limits for subsequent failures). The same happened a few times today when I repeated this. (By the time you read this, I might succeed in one of my further attempts, but there is still something wrong, because it never happened with any other domain, only this one.)
I believe something's wrong with the domain itself (whose DNS I can't manage myself, but I can get the client to fix it if there's anything to fix). An example of a 'good' domain (out of those 30 on the same SSL) is, for instance, www.theorderstore.co.uk.
So right now, I had to take this domain out of the list to have at least those other 30 sites working. Which obviously isn't a solution.
The domain that fails:
www.cartridgeconnect.co.uk
I ran this client:
C:\SSL\Lets-encrypt-v3(win-acme.com.2.1.18)\wacs.exe
It produced this output:
type: urn:ietf:params:acme:error:unauthorized
detail: Invalid response from http://www.cartridgeconnect.co.uk/.well-known/acme-challenge/xxxxxxxxxxxxxxx [2a07:7800::138]
status: 403
or
During secondary validation: Invalid response from http://www.cartridgeconnect.co.uk/.well-known/acme-challenge/xxxxxxxxxxxxxxx [2a07:7800::138]
My web server + OS:
Windows Server 2016 v 1607 (OS Build 14393.3930)
I can log in to a root shell on my machine.
I'm using IIS to manage my site.
Any idea what could be wrong? Thanks for any help!
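
Added example (not part of the original post and not win-acme code): a small Python check that pulls the address in square brackets out of the two error details above, which is the address the CA's validator connected to, and compares it with the IP the post says the domains point to. The function names are hypothetical; the error strings are copied from the post with the token still masked.

```python
import ipaddress
import re

# Error details as quoted in the post (challenge token masked as posted).
SAMPLE_ERRORS = [
    "Invalid response from http://www.cartridgeconnect.co.uk/.well-known/"
    "acme-challenge/xxxxxxxxxxxxxxx [2a07:7800::138]",
    "During secondary validation: Invalid response from "
    "http://www.cartridgeconnect.co.uk/.well-known/acme-challenge/"
    "xxxxxxxxxxxxxxx [2a07:7800::138]",
]
EXPECTED_SERVER_IP = "52.151.81.36"  # address the post says all domains use

# "... from http://<host>/<path> [<address>]"
DETAIL_RE = re.compile(
    r"from\s+https?://(?P<host>[^/\s]+)/\S*\s+\[(?P<addr>[^\]]+)\]")


def parse_detail(detail):
    """Return (host, ip_address) reported in an error detail, or None."""
    m = DETAIL_RE.search(detail)
    if not m:
        return None
    try:
        addr = ipaddress.ip_address(m.group("addr"))
    except ValueError:
        return None  # bracketed text was not an IP address
    return m.group("host").lower(), addr


def check(details, expected_ip):
    """Compare each validated address with the server's expected address."""
    expected = ipaddress.ip_address(expected_ip)
    findings = []
    for d in details:
        parsed = parse_detail(d)
        if parsed is None:
            findings.append({"detail": d, "status": "unparsed"})
            continue
        host, addr = parsed
        findings.append({
            "host": host,
            "validated_addr": str(addr),
            "family": f"IPv{addr.version}",
            "secondary": d.lower().startswith("during secondary validation"),
            "status": "match" if addr == expected else "mismatch",
        })
    return findings


if __name__ == "__main__":
    for finding in check(SAMPLE_ERRORS, EXPECTED_SERVER_IP):
        print(finding)
```

On the post's output both entries come back as `mismatch` with family `IPv6`, so the request that got the 403 was made to an address other than 52.151.81.36.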