Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com ), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: got-jena.de
I ran this command: ran a ps script referring acme client to renew the certificate for autodiscover.got-jena.de and david.got-jena.de
It produced this output: got the message that Authorization for both is VALID, but Get-PAOrder -Refresh brings Order is NOT ready
My web server is (include version): Windows Server IIS
The operating system my web server runs on is (include version): Windows Server 2016
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
_az
May 11, 2020, 9:47am
2
Can you show us the order URL?
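try {
    $auths = $LEOrder | Get-PAAuthorizations
    # Build the challenge URL, token file name and key-authorization body for each authorization
    $PublishAuths = $auths | Select @{L='Url';E={"http://$($_.fqdn)/.well-known/acme-challenge/$($_.HTTP01Token)"}},@{L='Filename';E={$($_.HTTP01Token)}},@{L='Body';E={Get-KeyAuthorization $_.HTTP01Token (Get-PAAccount)}}
    foreach ($PublishAuth in $PublishAuths) {
        # Join-Path inserts the path separator between the folder and the token file name
        $filename = Join-Path $AcmeFolder $PublishAuth.Filename
        $authfile = out-file $filename -InputObject $PublishAuth.Body -Encoding ASCII
        #Write-ACMELog "LE System" "Info" "Successfully created authorisation file: $filename"
    }
}
catch {
    # The catch block of the script was not posted; rethrow so the snippet parses
    throw
}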
_az
May 11, 2020, 10:09am
4
Sorry, I meant to ask for the URL of your actual order object which isn’t transitioning to ready.
Like https://acme-v02.api.letsencrypt.org/acme/order/xxxx/yyyy
The reason that the order isn’t transitioning to ready would be that there are still authorizations remaining in the pending state, so it would be useful to get the URL so we can look at the authorizations manually.
Unfortunately, the PS script is autogenerating the order URL and doesn’t show me,
in the ACME log I can only find this: https://acme-v02.api.letsencrypt.org/acme/acct/85819055
_az
May 11, 2020, 10:52am
6
You might be able to find it in an order.json inside the config directory.
_az
May 11, 2020, 11:07am
8
If you click through to the authorizations at that URL, you'll see that they both failed:
Fetching http://autodiscover.got-jena.de/.well-known/acme-challenge/PMMJpPLaKQbPFeWW_pKsJ6BLj1qFgnyYkVVgykTqdwA: Timeout during connect (likely firewall problem)
Fetching http://david.got-jena.de/.well-known/acme-challenge/y4cx5d3MzvUVJJ4P-mhFm8ApFouKbARlfVbMYTWYp6Q: Timeout during connect (likely firewall problem)
And indeed, your IP seems to not allow connections to port 80:
$ curl -m10 david.got-jena.de
curl: (28) Connection timed out after 10001 milliseconds
So it is needed that 443 AND 80 are open?
Just made a second dnat entry for port 80 in the firewall, and it worked! I wonder how it worked 3 months ago. Maybe another admin made a temp dnat for 80, and later removed that.
Thanks for your help!
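The manual check from the replies above (an order only becomes ready once every authorization is valid, and a failed authorization records why) can be scripted. This is an added example, not part of the thread or of the poster's script; the function name, the `-Fetch` hook and the example.test objects are constructed for illustration.

```powershell
# Added example. The JSON below is constructed in RFC 8555 shape; example.test URLs are placeholders.
$SampleObjects = @{
    'https://acme.example.test/order/1' = @'
{ "status": "invalid",
  "authorizations": [ "https://acme.example.test/authz/1", "https://acme.example.test/authz/2" ] }
'@
    'https://acme.example.test/authz/1' = @'
{ "identifier": { "type": "dns", "value": "www.example.test" }, "status": "valid",
  "challenges": [ { "type": "http-01", "status": "valid" } ] }
'@
    'https://acme.example.test/authz/2' = @'
{ "identifier": { "type": "dns", "value": "mail.example.test" }, "status": "invalid",
  "challenges": [ { "type": "http-01", "status": "invalid",
      "error": { "type": "urn:ietf:params:acme:error:connection",
                 "detail": "Timeout during connect (likely firewall problem)" } } ] }
'@
}

function Get-AcmeOrderBlocker {
    param(
        [Parameter(Mandatory)][string]$OrderUrl,
        # Hypothetical hook: returns the parsed object behind a URL. The default reads the
        # constructed samples; pass { param($u) Invoke-RestMethod -Uri $u } to query a CA
        # that serves these objects to a plain GET (an assumption about the CA).
        [scriptblock]$Fetch = { param($u) $SampleObjects[$u] | ConvertFrom-Json }
    )
    $order = & $Fetch $OrderUrl
    foreach ($authzUrl in $order.authorizations) {
        $authz = & $Fetch $authzUrl
        # An order becomes ready only when every authorization is valid
        if ($authz.status -eq 'valid') { continue }
        $failed = @($authz.challenges | Where-Object { $_.error })
        if ($failed.Count -eq 0) {
            # No error recorded: the challenge has not been validated yet
            [pscustomobject]@{ Name = $authz.identifier.value; Status = $authz.status
                               Challenge = $null; Reason = 'no challenge validated yet' }
            continue
        }
        foreach ($c in $failed) {
            [pscustomobject]@{ Name = $authz.identifier.value; Status = $authz.status
                               Challenge = $c.type; Reason = $c.error.detail }
        }
    }
}

# Report every authorization that keeps the sample order from becoming ready
Get-AcmeOrderBlocker -OrderUrl 'https://acme.example.test/order/1' | Format-List
```

A connection error on an http-01 challenge means the CA could not reach port 80 on the name's public address, so the inbound firewall or NAT rule for port 80 is the first thing to check.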