Some challenges have failed

I have created an ACME server on Venafi and am using the Certbot client for cert automation. However, Venafi support says this is a Certbot client issue. Port 80 is checked and it is in place. The A record is in place. Please suggest if.

My domain is: Sxxxxx2.xxxx.xxxx

I ran this command: certbot certonly --webroot --server https://xxxx.xxx.xxx/ --cert-name FirstACMETEST --domains SESrrrfgklh.xxxxx --webroot-path "C:\inetpub\wwwroot"

It produced this output:
Saving debug log to C:\Certbot\log\letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Requesting a certificate for
Performing the following challenges:
http-01 challenge for xxxxxxxxxxxx
Using the webroot path C:\inetpub\wwwroot for all unmatched domains.
Waiting for verification...
Challenge failed for domain xxxxxxxxxx
Cleaning up challenges
Some challenges have failed.

My web server is (include version): Windows server 2016 standard

The operating system my web server runs on is (include version): Windows server 2016 standard

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.15.0

You may need to first create c:\inetpub\wwwroot\.well-known\web.config with these contents:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
     <system.webServer>
         <staticContent>
             <mimeMap fileExtension="." mimeType="text/xml" />
         </staticContent>
     </system.webServer>
</configuration>

Otherwise, IIS won't want to serve the challenge files up.

(This is all assuming the Ericsson ACME server can resolve your domain - it's not resolving in normal DNS).

Yes, I created a web.config file as stated and placed it in C:\inetpub\wwwroot.well-known\acme-challenge, but it still didn't work. Yes, DNS is resolving from the ACME server.

I see.

To check if the web.config file is working, you could try manually creating this file (with no file extension):

c:\inetpub\wwwroot\.well-known\acme-challenge\test123

and then try accessing it in your browser at http://sessstiam02.pegad.ericsson.se/.well-known/acme-challenge/test123.

If that works, Certbot should work too.

1 Like
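
The manual check described in the reply above, scripted in PowerShell as an added example (not part of the original thread and not Certbot's own code). The host name is a placeholder to replace with the domain passed to `--domains`, and the webroot default is the path from the command in the question.

```powershell
# Added example: self-test of the http-01 webroot path on IIS.
# Assumptions: $Webroot matches --webroot-path; $HostName is a placeholder.
param(
    [string]$Webroot  = 'C:\inetpub\wwwroot',
    [string]$HostName = 'host.example.internal'   # placeholder, replace
)

$wellKnown = Join-Path $Webroot '.well-known'
$challenge = Join-Path $wellKnown 'acme-challenge'
New-Item -ItemType Directory -Path $challenge -Force | Out-Null

# IIS does not serve extensionless files as static content unless a
# mimeMap for "." applies in this directory or a parent directory.
$configs = @($wellKnown, $challenge) |
    ForEach-Object { Join-Path $_ 'web.config' } |
    Where-Object { Test-Path $_ }
if (-not $configs) {
    Write-Warning "No web.config found under $wellKnown"
} else {
    $configs | ForEach-Object { Write-Host "Found $_" }
}

# Random name and body so a cached or unrelated file cannot match.
$name  = 'selftest-' + [guid]::NewGuid().ToString('N')
$token = [guid]::NewGuid().ToString('N')
$file  = Join-Path $challenge $name
Set-Content -Path $file -Value $token -Encoding Ascii

$url = "http://$HostName/.well-known/acme-challenge/$name"
try {
    $resp = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 15
    $body = $resp.Content
    if ($body -is [byte[]]) { $body = [Text.Encoding]::ASCII.GetString($body) }
    if ($body.Trim() -eq $token) {
        Write-Host "OK: $url served the test file (HTTP $($resp.StatusCode))"
    } else {
        Write-Warning "Unexpected body from $url; a rewrite or redirect may be serving other content"
    }
} catch {
    # A 404 here usually means the mimeMap is missing or not being applied.
    $status = $null
    if ($_.Exception.Response) { $status = [int]$_.Exception.Response.StatusCode }
    Write-Warning "Request to $url failed (HTTP status: $status): $($_.Exception.Message)"
} finally {
    Remove-Item -Path $file -ErrorAction SilentlyContinue   # leave no test file behind
}
```

Run on the web server itself, this only confirms that IIS serves extensionless files from the challenge directory; it does not show that the ACME server can reach port 80 on the host.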

Hi @Rapi

That's not a Let's Encrypt relevant question. So this forum is the wrong place.

PS:

Is that ACME-v1? If yes, that may not work with a new Certbot.

Thanks! Well, it is V1 and it worked on Linux. Is the restriction for Windows machines specifically?
