Renew certification problem Simple windows ACME client

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: bluebay.gr

I ran this command: letsencrypt.exe --accepttos --manualhost www.bluebay.gr --webroot D:\HostingSpaces\bluebay\bluebay.gr\wwwroot

It produced this output: authorization failed invalid
The ACME server was probably unable to reach http://www.bluebay.gr/.well-known/acme-challenge/v2aWidM5w1dnRKYUmxVhYYcvstgqZkg3CjifVF8sWpk

My web server is (include version): IIS 8.5

The operating system my web server runs on is (include version): Windows Server 2012 R2

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

Hi @gchristakis

Your validation fails. But your /.well-known/acme-challenge looks ok (checked via https://check-your-website.server-daten.de/?q=bluebay.gr ).


| Domainname | IP | Http-Status | redirect | Sec. | G | Message |
|---|---|---|---|---|---|---|
| http://bluebay.gr/ | 178.33.170.32 | 200 | | 0.380 | H | |
| http://www.bluebay.gr/ | 178.33.170.32 | 200 | | 0.327 | H | |
| https://bluebay.gr/ | 178.33.170.32 | -4 | | 0.120 | W | SendFailure - The underlying connection was closed: An unexpected error occurred on a send. Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. |
| https://www.bluebay.gr/ | 178.33.170.32 | -4 | | 0.107 | W | SendFailure - The underlying connection was closed: An unexpected error occurred on a send. Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. |
| http://bluebay.gr:443/ | 178.33.170.32 | -3 | | 0.107 | A | ReceiveFailure - The underlying connection was closed: An unexpected error occurred on a receive. Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. |
| http://www.bluebay.gr:443/ | 178.33.170.32 | -3 | | 0.107 | A | ReceiveFailure - The underlying connection was closed: An unexpected error occurred on a receive. Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. |
| http://bluebay.gr/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 178.33.170.32 | 404 | | 0.067 | A | Not Found |
| http://www.bluebay.gr/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de | 178.33.170.32 | 404 | | 0.060 | A | Not Found |

Your server sends a 404.

So one thing: Create the two subdirectories

D:\HostingSpaces\bluebay\bluebay.gr\wwwroot\.well-known\acme-challenge

Put a simple text file there (file name 1234, without extension) and test whether you can load this file via

http://www.bluebay.gr/.well-known/acme-challenge/1234

Perhaps you need a MIME type definition to allow files without extension.

But there is another problem, and this one is critical.

Your domain has CAA entries:

CAA - Entries

| Domainname | flag | Name | Value | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| www.bluebay.gr | 5 | issue | comodoca.com | 1 | 0 |
| bluebay.gr | 5 | issue | comodoca.com | 1 | 0 |
| gr | 0 | | no CAA entry found | 1 | 0 |

So Let's Encrypt isn't allowed to create a certificate with bluebay.gr as domain name, only comodoca.

Thanks for your quick response

How can I remove those CAA entries?

Check your nameserver settings. There are CAA entries with this value. Remove these or change these to

issue letsencrypt.org
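
Added example, not part of any post in this thread: how a CA evaluates the CAA records discussed above under RFC 8659, climbing from the requested name toward the root and using the first non-empty CAA set. `ZONE` is a constructed copy of the CAA table above, `FIXED` is a hypothetical zone after the suggested change, and the function names are illustrative; CNAME handling and the critical flag are left out.

```python
# Added example: offline CAA evaluation (RFC 8659) over constructed record sets.
# ZONE mirrors the CAA table in this thread as (tag, value) pairs; nothing is
# queried from DNS. FIXED is a hypothetical zone after the suggested change.
ZONE = {
    "www.bluebay.gr": [("issue", "comodoca.com")],
    "bluebay.gr": [("issue", "comodoca.com")],
}
FIXED = {"bluebay.gr": [("issue", "letsencrypt.org")]}


def relevant_rrset(name, zone):
    """Climb from name toward the root; return the first non-empty CAA set."""
    labels = name.lower().rstrip(".").split(".")
    if labels[0] == "*":          # a wildcard is looked up at its parent name
        labels = labels[1:]
    for i in range(len(labels)):
        owner = ".".join(labels[i:])
        if zone.get(owner):
            return owner, zone[owner]
    return None, []


def may_issue(name, ca, zone):
    """Return (allowed, owner of the CAA set that decided, or None)."""
    owner, records = relevant_rrset(name, zone)
    tags = {}
    for tag, value in records:
        # Drop parameters after ';' so 'ca.example; k=v' compares as 'ca.example'.
        issuer = value.split(";", 1)[0].strip().lower()
        tags.setdefault(tag.lower(), set()).add(issuer)
    # Wildcard names use issuewild when present, otherwise fall back to issue.
    key = "issuewild" if name.startswith("*.") and "issuewild" in tags else "issue"
    if key not in tags:
        return True, owner        # no issue property on the path: unrestricted
    # An empty issuer (value ';') is in the set but matches no CA: issuance denied.
    return ca.lower() in tags[key], owner


if __name__ == "__main__":
    for zone_name, zone in (("current", ZONE), ("fixed", FIXED)):
        for ca in ("letsencrypt.org", "comodoca.com"):
            print(zone_name, ca, may_issue("www.bluebay.gr", ca, zone))
```

Because the lookup stops at the first name that has any CAA set, a record left on www.bluebay.gr keeps deciding for that host even after the set on bluebay.gr is changed.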
