Renewal failed in IIS

mco.marcelo · April 9, 2020, 7:17pm

Hi;
My renewal process failed with “Authorization failed” errors:

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: https://login.thetrianglegroup.com/softweb/

I ran this command: wasc.exe ( S- renew specific)

It produced this output:

ERROR Authorization result: pending
ERROR Renewal for [IIS] site 1 (any host) failed, will retry on next run

My web server is (include version):
IIS Version 8.5

The operating system my web server runs on is (include version):
Windows server 2012R2

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):
No

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
Using IIS

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

JuergenAuer · April 9, 2020, 8:18pm

Hi @mco.marcelo

there is a check of your domain, ~~2 hours old - https://check-your-website.server-daten.de/?q=login.thetrianglegroup.com

There you see the problem. Port 80 -> timeout.

The comment:

Fatal: Check of /.well-known/acme-challenge/random-filename has a timeout. Creating a Letsencrypt certificate via http-01 challenge can't work. You need a running webserver (http) and an open port 80. If it's a home server + ipv4, perhaps a correct port forwarding port 80 extern ⇒ working port intern is required. Port 80 / http can redirect to another domain port 80 or port 443, but not other ports. If it's a home server, perhaps your ISP blocks port 80. Then you may use the dns-01 challenge.

mco.marcelo · April 9, 2020, 10:27pm

Thanks for your answer;
there was a rule on IIS to force HHTP traffic to HTTPS so I disabled.
Unfortunately, still have the same error

JuergenAuer · April 10, 2020, 6:01am

That's expected. You have to fix your timeout error. The online check must show an answer.

mco.marcelo · April 10, 2020, 11:27pm

Hi;
The issue is resolved; it was a rule to http in our firewall disabled;
@JuergenAuer; Thank you so much for your quick response

system · May 10, 2020, 11:27pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.