Renew certification problem Simple windows ACME client


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: bluebay.gr

I ran this command: letsencrypt.exe --accepttos --manualhost www.bluebay.gr --webroot D:\HostingSpaces\bluebay\bluebay.gr\wwwroot

It produced this output: authorization failed invalid
The ACME server was probably unable to reach http://www.bluebay.gr/.well-known/acme-challenge/v2aWidM5w1dnRKYUmxVhYYcvstgqZkg3CjifVF8sWpk

My web server is (include version): IIS 8.5

The operating system my web server runs on is (include version): Windows Server 2012 R2

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):


#2

Hi @gchristakis

Your validation fails. But your /.well-known/acme-challenge looks ok (checked via https://check-your-website.server-daten.de/?q=bluebay.gr ).


| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://bluebay.gr/ 178.33.170.32 | 200 | | 0.380 | H |
| http://www.bluebay.gr/ 178.33.170.32 | 200 | | 0.327 | H |
| https://bluebay.gr/ 178.33.170.32 | -4 | | 0.120 | W |
| SendFailure - The underlying connection was closed: An unexpected error occurred on a send. Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. | | | | |
| https://www.bluebay.gr/ 178.33.170.32 | -4 | | 0.107 | W |
| SendFailure - The underlying connection was closed: An unexpected error occurred on a send. Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. | | | | |
| http://bluebay.gr:443/ 178.33.170.32 | -3 | | 0.107 | A |
| ReceiveFailure - The underlying connection was closed: An unexpected error occurred on a receive. Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. | | | | |
| http://www.bluebay.gr:443/ 178.33.170.32 | -3 | | 0.107 | A |
| ReceiveFailure - The underlying connection was closed: An unexpected error occurred on a receive. Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. | | | | |
| http://bluebay.gr/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 178.33.170.32 | 404 | | 0.067 | A |
| Not Found | | | | |
| http://www.bluebay.gr/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 178.33.170.32 | 404 | | 0.060 | A |
| Not Found | | | | |

Your server sends a 404.

So one thing: Create the two subdirectories

D:\HostingSpaces\bluebay\bluebay.gr\wwwroot\.well-known\acme-challenge

and in there a simple text file (file name 1234, without extension), then test whether you can load this file via

http://www.bluebay.gr/.well-known/acme-challenge/1234

Perhaps you need a MIME type definition to allow files without extension.

But there is another problem, and this one is critical.

Your domain has CAA entries:

CAA - Entries

| Domainname | flag | Name | Value | ∑ Queries | ∑ Timeout |
|---|---|---|---|---|---|
| www.bluebay.gr | 5 | issue | comodoca.com | 1 | 0 |
| bluebay.gr | 5 | issue | comodoca.com | 1 | 0 |
| gr | 0 | | no CAA entry found | 1 | 0 |

So Let's Encrypt isn’t allowed to create a certificate with bluebay.gr as domain name, only comodoca.


#3

Thanks for your quick response

How can I remove those CAA entries?


#4

Check your nameserver settings. There are CAA entries with this value. Remove these or change these to

issue letsencrypt.org
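
The CAA check discussed in posts #2 and #4, as an added example that is not part of the original thread: a simplified RFC 8659 evaluation run over constructed record data mirroring the table in #2. It assumes non-wildcard names, no CNAME handling, and a CA that understands only the issue, issuewild and iodef tags.

```python
# Added example: simplified CAA evaluation (RFC 8659) on constructed records.
CRITICAL = 0x80  # issuer-critical bit in the CAA flags byte
KNOWN_TAGS = ("issue", "issuewild", "iodef")  # assumption: tags the CA understands

def relevant_rrset(name, zone):
    """Climb from name toward the root; return (owner, records) of the
    first non-empty CAA RRset, or (None, []) if the tree has none."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        owner = ".".join(labels[i:])
        records = zone.get(owner, [])
        if records:
            return owner, records
    return None, []

def issuer_domain(value):
    """Issuer domain from an issue value; parameters after ';' are ignored."""
    return value.split(";", 1)[0].strip().lower()

def may_issue(name, ca_domain, zone):
    """True if a CA identifying itself as ca_domain may issue for name."""
    owner, records = relevant_rrset(name, zone)
    if owner is None:
        return True  # no CAA anywhere in the tree: any CA may issue
    # A critical property the CA does not understand blocks issuance.
    if any(f & CRITICAL and t.lower() not in KNOWN_TAGS for f, t, _ in records):
        return False
    issue = [issuer_domain(v) for _, t, v in records if t.lower() == "issue"]
    if not issue:
        return True  # no issue property in the RRset: issuance not restricted
    return ca_domain.lower() in issue  # 'issue ";"' gives "" and matches no CA

# Constructed zone data mirroring the CAA table in post #2: (flags, tag, value).
BEFORE = {
    "www.bluebay.gr": [(5, "issue", "comodoca.com")],
    "bluebay.gr": [(5, "issue", "comodoca.com")],
}
# Constructed: the same records after the change suggested in post #4.
AFTER = {
    "www.bluebay.gr": [(5, "issue", "letsencrypt.org")],
    "bluebay.gr": [(5, "issue", "letsencrypt.org")],
}

if __name__ == "__main__":
    for label, zone in (("before", BEFORE), ("after", AFTER)):
        for host in ("bluebay.gr", "www.bluebay.gr"):
            print(label, host, may_issue(host, "letsencrypt.org", zone))
```

Because the lookup climbs toward the root, a record left on bluebay.gr still governs any subdomain that has no CAA RRset of its own, so the records on both names have to be changed.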
