Renewals failing with timeout of challenge

My domain is:

I ran this command: GetSSL.ps1, it's the Downloads - Blue Feather script for Filemaker

It produced this output: I've lost the exact output, but it can't do the challenge, as it says timeout when trying to access the file in the acme challenge folder in the .well-known folder. I can see the file get made, and then it gets deleted once the renewal fails. I think it's because of the 80 to 8080 URL rewrite, but I don't see that rule clearly in the list of rules FM seems to add. I can see the old files in that folder externally, but it redirects to the https version. I also tried a web.config with redirects disabled, but the renewal replaces that file every time, and dies if it can't replace it (I made the web.config readonly = fail).

My web server is (include version): IIS 10 and Filemaker

The operating system my web server runs on is (include version): Windows Server 2019

My hosting provider, if applicable, is: myself

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): updated the le64, to fix a different error, and now get this renewal issue

Ideally, if I can get the site back up on https, then I can fix it properly next week when my vacation finishes! Thanks for reading this far!

Welcome to the community @craig.knights

I cannot reach your site using http or https. And, neither can Let's Debug.

I cannot speak to the other items you mention but your site must be reachable by HTTP (port 80) to satisfy the http challenge. Be sure to check firewall settings.


OK. Fixed it now

A friend in another continent confirmed he couldn't see it either.

Port forwards at our ISP were incorrect.

Thanks very much!


I assume that script worked OK, but I just looked at it and it has at least one hardcoded expired intermediate certificate.

It looks like the key line of code that imports the cert into Filemaker is:

.\fmsadmin certificate import $certPath --keyfile $keyPath --intermediateCA $intermediaryPath -y;

So with that you could probably use any other ACME tool to get and apply your cert (if required).

It writes the http challenges out to C:\Program Files\FileMaker\FileMaker Server\HTTPServer\conf\.well-known\acme-challenge\ so for the purposes of using any other tool, the webroot would be C:\Program Files\FileMaker\FileMaker Server\HTTPServer\conf\
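
Added example (not part of the thread or of the GetSSL.ps1 script): a pre-import check, relevant to the hardcoded expired intermediate mentioned above, that verifies the certificate and intermediate files before they are passed to `fmsadmin certificate import`. `Test-CertBundle` is a hypothetical helper name; `$certPath`, `$keyPath` and `$intermediaryPath` are the variables from the script line quoted above.

```powershell
# Added example: sanity-check the files before importing them into FileMaker Server.
# Test-CertBundle is a hypothetical helper, not part of GetSSL.ps1 or fmsadmin.
function Test-CertBundle {
    param(
        [Parameter(Mandatory)] [string] $CertPath,
        [Parameter(Mandatory)] [string] $IntermediaryPath,
        [int] $MinDaysLeft = 7   # assumed threshold; adjust to your renewal schedule
    )
    $problems = @()
    $now = Get-Date

    # X509Certificate2 reads PEM or DER certificate files.
    # If a file holds several certificates, only the first one is loaded.
    $leaf  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath
    $inter = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $IntermediaryPath

    # Validity window of both certificates (NotBefore/NotAfter are local time).
    foreach ($c in @($leaf, $inter)) {
        if ($now -lt $c.NotBefore) { $problems += "Not yet valid: $($c.Subject)" }
        if ($now -gt $c.NotAfter)  { $problems += "Expired on $($c.NotAfter): $($c.Subject)" }
    }
    if ($leaf.NotAfter -gt $now -and $leaf.NotAfter -lt $now.AddDays($MinDaysLeft)) {
        $problems += "Leaf expires within $MinDaysLeft days: $($leaf.NotAfter)"
    }

    # The supplied intermediate must be the issuer of the leaf (compare encoded names).
    $issuer  = [Convert]::ToBase64String($leaf.IssuerName.RawData)
    $subject = [Convert]::ToBase64String($inter.SubjectName.RawData)
    if ($issuer -ne $subject) {
        $problems += "Intermediate '$($inter.Subject)' is not the issuer of the leaf ('$($leaf.Issuer)')"
    }

    # Build the chain with the supplied intermediate available; revocation is not checked here.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    [void]$chain.ChainPolicy.ExtraStore.Add($inter)
    if (-not $chain.Build($leaf)) {
        foreach ($s in $chain.ChainStatus) {
            $problems += "Chain: $($s.Status) $($s.StatusInformation.Trim())"
        }
    }
    $problems
}

# Usage with the script's own variables: import only when nothing is reported.
# $problems = Test-CertBundle -CertPath $certPath -IntermediaryPath $intermediaryPath
# if ($problems) { $problems | Write-Warning; exit 1 }
# .\fmsadmin certificate import $certPath --keyfile $keyPath --intermediateCA $intermediaryPath -y
```

The issuer comparison is kept separate from the chain build because Windows may complete the chain from its own certificate stores even when the supplied intermediate file is stale.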

