Renewals failing with timeout of challenge

My domain is: kamarweb.mcglashan.school.nz

I ran this command: GetSSL.ps1, it's the Downloads - Blue Feather script for Filemaker

It produced this output: I've lost the exact output, but it can't do the challenge, as it says timeout when trying to access the file in the acme challenge folder in the .well-known folder. I can see the file get made, and then it gets deleted once the renewal fails. I think it's because of the 80 to 8080 URL rewrite, but I don't see that rule clearly in the list of rules FM seems to add. I can see the old files in that folder externally, but it redirects to the https version. I also tried a web.config with redirects disabled, but the renewal replaces that file every time, and dies if it can't replace it (I made the web.config readonly = fail).

My web server is (include version): IIS 10 and Filemaker

The operating system my web server runs on is (include version): Windows Server 2019

My hosting provider, if applicable, is: myself

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): updated the le64, to fix a different error, and now get this renewal issue

Ideally, if I can get the site back up on https, then I can fix it properly next week when my vacation finishes! Thanks for reading this far!

Welcome to the community @craig.knights

I cannot reach your site using http or https. And, neither can Let's Debug.

I cannot speak to the other items you mention but your site must be reachable by HTTP (port 80) to satisfy the http challenge. Be sure to check firewall settings.

3 Likes

OK. Fixed it now

A friend in another continent confirmed he couldn't see it either.

Port forwards at our ISP were incorrect.

Thanks very much!
Craig

2 Likes

I assume that script worked OK, but I just looked at it and it has at least one hardcoded expired intermediate certificate.

It looks like the key line of code that imports the cert into Filemaker is:

.\fmsadmin certificate import $certPath --keyfile $keyPath --intermediateCA $intermediaryPath -y;

So with that you could probably use any other ACME tool to get and apply your cert (if required).

It writes the http challenges out to C:\Program Files\FileMaker\FileMaker Server\HTTPServer\conf\.well-known\acme-challenge\ so for the purposes of using any other tool, the webroot would be C:\Program Files\FileMaker\FileMaker Server\HTTPServer\conf\

3 Likes
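
A pre-import check for the expired intermediate certificate mentioned in the reply above, as an added example that is not part of the thread or of the Blue Feather script: it reads every certificate in the leaf and intermediate PEM files and only runs the quoted fmsadmin import if none is expired or close to expiry. The file paths, the function name Get-PemCertificates and the 7-day margin are assumptions; the variable names and the import line are the ones quoted from the script.

```powershell
# Added example, not part of GetSSL.ps1. All default paths are placeholders.
param(
    [string]$certPath         = 'C:\placeholder\cert.pem',
    [string]$keyPath          = 'C:\placeholder\key.pem',
    [string]$intermediaryPath = 'C:\placeholder\intermediate.pem',
    [int]$MinDaysLeft         = 7    # assumed safety margin before expiry
)

function Get-PemCertificates {
    # Hypothetical helper: returns one X509Certificate2 per PEM block,
    # because a chain file may hold several certificates.
    param([Parameter(Mandatory)][string]$Path)
    $text    = Get-Content -LiteralPath $Path -Raw
    $pattern = '-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----'
    $options = [System.Text.RegularExpressions.RegexOptions]::Singleline
    $blocks  = [regex]::Matches($text, $pattern, $options)
    if ($blocks.Count -eq 0) { throw "No PEM certificate blocks found in $Path" }
    foreach ($b in $blocks) {
        $der = [Convert]::FromBase64String(($b.Groups[1].Value -replace '\s', ''))
        [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$der)
    }
}

# Collect the validity window of every certificate that is about to be imported.
$now    = Get-Date
$report = foreach ($path in $certPath, $intermediaryPath) {
    foreach ($c in Get-PemCertificates -Path $path) {
        [pscustomobject]@{
            File     = Split-Path -Leaf $path
            Subject  = $c.Subject
            NotAfter = $c.NotAfter
            DaysLeft = [math]::Floor(($c.NotAfter - $now).TotalDays)
        }
    }
}
$report | Format-Table -AutoSize | Out-String | Write-Host

# Stop before touching FileMaker Server if anything is expired or nearly so.
$stale = @($report | Where-Object { $_.DaysLeft -lt $MinDaysLeft })
if ($stale.Count -gt 0) {
    $names = ($stale | ForEach-Object { "$($_.Subject) ($($_.DaysLeft) days)" }) -join '; '
    throw "Refusing to import, certificate(s) expired or expiring soon: $names"
}

# Import line as quoted in the reply above; run from the directory the script uses.
.\fmsadmin certificate import $certPath --keyfile $keyPath --intermediateCA $intermediaryPath -y
```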
