Server status 403 - invlaid

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: dd-services.com

I ran this command: GetCert2.exe

It produced this output:
2020-03-29 10:33:04:365 AM Stage 5 - generate certificate request and submit …
2020-03-29 10:33:04:443 AM
2020-03-29 10:33:04:506 AM Using Module “C:\Install\work\GetCert2-master\GetCert2-master\GetCertClient\bin\Release\ACME-PS”

$global:certKey = New-ACMECertificateKey -Path “C:\Install\work\GetCert2-master\GetCert2-master\GetCertClient\bin\Release\AcmeState\cert.key.xml”
Complete-ACMEOrder $global:state -Order $global:order
2020-03-29 10:33:06:696 AM Server returned problem (Status: 403).
2020-03-29 10:33:06:696 AM @{type=urn:ietf:params:acme:error:orderNotReady; detail=Order’s status (“invalid”) is not acceptable for finalization;
2020-03-29 10:33:06:711 AM status=403}
2020-03-29 10:33:06:727 AM At C:\Install\work\GetCert2-master\GetCert2-master\GetCertClient\bin\Release\InGetCertSession.ps1:14 char:5
2020-03-29 10:33:06:743 AM + Invoke-Command -Session $GetCertSession -ScriptBlock { & $args[0] …
2020-03-29 10:33:06:758 AM + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2020-03-29 10:33:06:758 AM + CategoryInfo : OperationStopped: (Server returned…on; status=403}:String) , RuntimeException
2020-03-29 10:33:06:774 AM + FullyQualifiedErrorId : Server returned problem (Status: 403).
2020-03-29 10:33:06:790 AM @{type=urn:ietf:params:acme:error:orderNotReady; detail=Order’s status (“invalid”) is not acceptable for finalizat
2020-03-29 10:33:06:805 AM ion; status=403}
2020-03-29 10:33:06:821 AM
2020-03-29 10:33:06:915 AM
2020-03-29 10:33:08:899 AM
2020-03-29 10:33:08:978 AM At least one stage failed (or the process was stopped). Check log for errors.

My web server is (include version): IIS v10

The operating system my web server runs on is (include version): Windows Server 2016 Standard

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Hi @defting

if your Letsencrypt client tries to finalize an order, but the order status is invalid, your client is buggy.

Check, if there is a client update or switch to another client.

Thanks for the replay @JuergenAuer
There was an updated client but it did the same thing. Can you recommend another client for Windows?

Thanks,

You can find a list of ACME client implementations for Windows/IIS here:
ACME Client Implementations - Let's Encrypt

Please keep in mind,

The ACME clients are offered by third parties. Let’s Encrypt does not control or review third party clients and cannot make any guarantees about their safety or reliability.

Misconfigured DNS was the culprit.

I figured out the problem by using a different client (Certify The Web) that had somewhat better error reporting.

Thanks for everyone’s help!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.