Hi @ahaw021,
I’m NOT using the LE API. I’m using the Windows client, letsencrypt-win-simple (I’ll abbreviate to LWS for this message), with only its “--san” parameter. So all of the challenge values are generated automatically.
From the output of LWS, I can see that each challenge has a separate value - like this:
Authorizing Identifier MY-SERVER-NAME.businessdts.com Using Challenge Type http-01
Writing challenge answer to C:\inetpub\wwwroot.well-known/acme-challenge/1Gv7TObeA1SCG2ydPSGlzUE00fOX_UAJwTvTyqgBIKQ
Writing web.config to add extensionless mime type to C:\inetpub\wwwroot.well-known\acme-challenge\web.config
Answer should now be browsable at http://MY-SERVER-NAME.businessdts.com/.well-known/acme-challenge/1Gv7TObeA1SCG2ydPSGlzUE00fOX_UAJwTvTyqgBIKQ
Submitting answer
Refreshing authorization
Authorization Result: invalid
The ACME server was probably unable to reach http://MY-SERVER-NAME.businessdts.com/.well-known/acme-challenge/1Gv7TObeA1SCG2ydPSGlzUE00fOX_UAJwTvTyqgBIKQ
Check in a browser to see if the answer file is being served correctly.
This could be caused by IIS not being setup to handle extensionless static
files. Here’s how to fix that:
- In IIS manager goto Site/Server->Handler Mappings->View Ordered List
- Move the StaticFile mapping above the ExtensionlessUrlHandler mappings.
 (like this http://i.stack.imgur.com/nkvrL.png)
- If you need to make changes to your web.config file, update the one
 at C:\Program Files (x86)\letsencrypt-win-simple\web_config.xml
Authorizing Identifier mail.businessdatatransfer.com Using Challenge Type http-01
Writing challenge answer to C:\inetpub\wwwroot.well-known/acme-challenge/CgXIdvJSWecjhD4F5V0RY1L_8-sdYuJmM9xCpUyIexU
Writing web.config to add extensionless mime type to C:\inetpub\wwwroot.well-known\acme-challenge\web.config
Answer should now be browsable at http://mail.businessdatatransfer.com/.well-known/acme-challenge/CgXIdvJSWecjhD4F5V0RY1L_8-sdYuJmM9xCpUyIexU
Submitting answer
Refreshing authorization
Authorization Result: invalid
The ACME server was probably unable to reach http://mail.businessdatatransfer.com/.well-known/acme-challenge/CgXIdvJSWecjhD4F5V0RY1L_8-sdYuJmM9xCpUyIexU
Check in a browser to see if the answer file is being served correctly.
This could be caused by IIS not being setup to handle extensionless static
files. Here’s how to fix that:
- In IIS manager goto Site/Server->Handler Mappings->View Ordered List
- Move the StaticFile mapping above the ExtensionlessUrlHandler mappings.
 (like this http://i.stack.imgur.com/nkvrL.png)
- If you need to make changes to your web.config file, update the one
 at C:\Program Files (x86)\letsencrypt-win-simple\web_config.xml
As you can see, MY-SERVER-NAME.businessdts.com failed (even though businessdts.com is the base domain of our Windows server). But the challenges for MY-SERVER-NAME.other-domains-pointing-to-businessdts.com were successful.
On the other hand, mail.businessdts.com succeeded, but the mail and smtp sub-domains failed for all of our other domains.
We own all four domains and I’m able to make DNS changes for all of them.
(NOTE: During an LWS run with the parameters “--san --test”, ALL domain mappings were successful.)
Does this information help, @ahaw021?
Thanks,
@CBruce