can be reached from the internet I tried creating a file in the folder "/.well-known/acme-challenge" without an extension such as "YyEqLTY678IbIe5sLHSn1pg2nM_KJwBRtwxDXwk4daQ" with a sample text inside and publicly I reach it and see the text in the browser.
Unfortunately I continue to have errors in the certificate renewal, I have neither DNS records nor network inauguration in IPv6.
The web server is an IIS on Windows server 2019.
On the firewall I have no blocks of any kind (for example geo ip and etc.)
I thank you for the time you dedicate to me.
Hello
Thanks for the very detailed report. I am a little confused why the log file shows prod.domain.com but the domain at the top and your sample url for /.well-known/acme-challenge/... was for agents.italpannelli.it
Looking just at that url, I got:
curl -I http://agents.italpannelli.it
curl: (6) Could not resolve host: agents.italpannelli.it
[DBUG] Scanning IIS site bindings for hosts
[VERB] 1 named bindings found in IIS
[DBUG] Filtering by site(s) [1]
[VERB] 1 bindings remaining after site filter
[VERB] No host filter applied
[VERB] 1 matching binding found
[DBUG] Scanning IIS sites
[VERB] Adding 8.8.8.8 as DNS server
[VERB] Adding 1.1.1.1 as DNS server
[VERB] Adding 8.8.4.4 as DNS server
[VERB] Targeted convert into 1 order(s)
[INFO] Force renewing certificate for [IIS] Default Web Site, (any host)
[VERB] Handle order 1/1: Main
[VERB] Creating order for hosts: ["DnsName: agenti.italpannelli.it"]
[VERB] Constructing ACME protocol client...
[DBUG] Send GET request to https://acme-v02.api.letsencrypt.org/directory
[VERB] Request completed with status OK
[DBUG] Loading signer from C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Signer_v2
[DBUG] Loading account from C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Registration_v2
[VERB] Using existing ACME account
[VERB] ACME client initialized
[DBUG] Send HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce
[VERB] Request completed with status OK
[DBUG] Send POST request to https://acme-v02.api.letsencrypt.org/acme/new-order
[VERB] Request completed with status Created
[VERB] Order https://acme-v02.api.letsencrypt.org/acme/order/128930115/27630889230 created
[DBUG] Send POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/34856458480
[VERB] Request completed with status OK
[VERB] Handle authorization 1/1
[INFO] [agenti.italpannelli.it] Authorizing...
[VERB] [agenti.italpannelli.it] Initial authorization status: pending
[VERB] [agenti.italpannelli.it] Challenge types available: ["http-01", "dns-01", "tls-alpn-01"]
[VERB] [agenti.italpannelli.it] Initial challenge status: pending
[INFO] [agenti.italpannelli.it] Authorizing using http-01 validation (SelfHosting)
[VERB] Starting commit stage
[VERB] Commit was succesful
[DBUG] [agenti.italpannelli.it] Submitting challenge answer
[DBUG] Send POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/34856458480/DjWxbg
[VERB] Request completed with status OK
[DBUG] Refreshing authorization (1/15)
[DBUG] Send POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/34856458480/DjWxbg
[VERB] Request completed with status OK
[DBUG] Refreshing authorization (2/15)
[DBUG] Send POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/34856458480/DjWxbg
[VERB] Request completed with status OK
[DBUG] Refreshing authorization (3/15)
[DBUG] Send POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/34856458480/DjWxbg
[VERB] Request completed with status OK
[EROR] [agenti.italpannelli.it] Authorization result: invalid
[EROR] [agenti.italpannelli.it] {
"type": "urn:ietf:params:acme:error:connection",
"detail": "Fetching http://agenti.italpannelli.it/.well-known/acme-challenge/CVwbeLJwR9AOhwx-ajUHhjDrtVSmTWlPdE__fxH8St8: Timeout during connect (likely firewall problem)",
"status": 400
}
[VERB] Starting post-validation cleanup
[VERB] Post-validation cleanup was succesful
[EROR] Renewal for [IIS] Default Web Site, (any host) failed, will retry on next run
[VERB] Exiting with status code -1