Replace SSL certificate

My domain

My web server is (include version):IIS
The operating system my web server runs on is (include version):Windows Server 2016 (Version 1607)

My hosting provider, if applicable, is:Privat

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):Remotedesktop / Home PC


First I would like to apologize for my bad english (google Translate).
To my problem, I have installed on my Windows 2016 Server Let’s Encrypt.
It works and the installation went well without problems.
Now, however, runs in a few days my certificate and I wanted it to renew or renew.
Unfortunately, I get only the following error:

The ACME server was not able to reach
Check in a browser to see if the file is being served correctly.

This could be because IIS is not set up to handle extensionless static
files. Here’s how to fix that:

  1. In IIS manager goto Site / Server-> Handler Mappings-> View Ordered List
  2. Move the StaticFile mapping above the ExtensionlessUrlHandler mappings.
    (Like this
  3. If you need to make changes to your web.config file, update the one
    At C: \ inetpub \ Lets Encrypt New \ web_config.xml

I have tested or tested the following:
Firewall settings are all right
The StaticFile I have also set via the ExtensionlessUrlHandler mappings

This link had also extended the SSL certificate at the time of the attempt
"The ACME server was not able to reach"

I hope someone can help me.

Thanks Mellhouse

You seem to have IPv4 and IPv6 records for that name and the server is likely not configured for IPv6 (returns 404). Looks similar to Certbot - IPV6 Address on Domain Misconfigured and Challenges Fail (Prefer IPV6)

You’re probably missing an IPv6 binding in IIS Manager. Right-click on the “web site” in the left pane of IIS Manager and choose Edit Bindings… and make sure either the IP address is set to * so it listens on all interfaces or add your IPv6 address to the list alongside your IPv4 address.

If that doesn’t resolve the problem the AAAA record for this domain is probably incorrect and needs to be fixed or removed.


The IP address for the bindings was the problem.
Have they assigned to no IP address and the SSL certificates have been extended.

Thanks Mellhouse

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.