Renewal not working

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: cldsl.ca

I ran this command: cerfiticate renewal

It produced this output: 2019-07-30 08:57:49.585 -05:00 [INF] Checking automated challenge response for Domain: mail.cldsl.ca
2019-07-30 08:57:50.903 -05:00 [INF] Invalid response from http://mail.cldsl.ca/.well-known/acme-challenge/p6tbOUP9fCeCRpP9l-qqk-nOYdjVSWLs6EybM0fUIeI [67.226.238.52]: "\r\n<html xmlns=“http”
2019-07-30 08:57:52.761 -05:00 [INF] Validation of the required challenges did not complete successfully. Invalid response from http://mail.cldsl.ca/.well-known/acme-challenge/p6tbOUP9fCeCRpP9l-qqk-nOYdjVSWLs6EybM0fUIeI [67.226.238.52]: "\r\n<html xmlns=“http”
2019-07-30 08:57:52.761 -05:00 [INF] Validation of the required challenges did not complete successfully. Invalid response from http://mail.cldsl.ca/.well-known/acme-challenge/p6tbOUP9fCeCRpP9l-qqk-nOYdjVSWLs6EybM0fUIeI [67.226.238.52]: "\r\n<html xmlns=“http”
2019-07-30 09:25:52.074 -05:00 [INF] Previous renewals failed: 25. Renewal will be attempted within 48hrs.
2019-07-30 09:26:17.305 -05:00 [INF] Previous renewals failed: 25. Renewal will be attempted within 48hrs.

My web server is (include version): IIS 7

The operating system my web server runs on is (include version): Server 2008 R2

My hosting provider, if applicable, is: selft hosted

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Hi @kernal

checking your domain there is one older certificate ( https://check-your-website.server-daten.de/?q=mail.cldsl.ca#ct-logs ):

Issuer not before not after Domain names LE-Duplicate next LE
Let's Encrypt Authority X3 2019-06-17 2019-09-15 cldsl.ca, mail.cldsl.ca, www.cldsl.ca - 3 entries

Are there any configuration changes between 2019-06-17 and now?

You use an IIS: Find the webroot of your subdomain, create the two subdirectories

/.well-known/acme-challenge

there a file (file name 1234 without extension), then try to load that file via

 http://mail.cldsl.ca/.well-known/acme-challenge/1234

and use the online tool to check that file.

The error message is "only" an internal pre-check, not the result of the Letsencrypt check.

Perhaps you have some wrong local dns entries.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.