Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
Does the HTTP site work from the Internet?
If so, can you create the challenge path and place a test text file in that location, so that we can see if it can be accessed from the Internet?
[make sure NOT to use any extension on the file OR place two files (one with no extension and one with .txt extension)]
Hi RG305, no, the web server is not accessible from the internet. It is solely an internal website; it is our Intranet. I have to have it secured for PCI compliance. As far as the "Unknown Hostname" location response, they are our Ecommerce Web Store, which has been acquired by Billtrust. I am not sure why that is coming up; it sometimes shows up when I try to browse to my Intranet using the FQDN.
Yes, the resolution is to use a DNS challenge instead of HTTP, as @Bruce5051 says. Note that if you do use DNS validation you can also acquire your cert on any machine/server you like, then deploy the certificate to your intranet (either manually or scripted, etc.).
Sorry for the delay, I got stuck on a different project. When I run the WACS.exe I think it's hitting my domain server and not Dotster.com, where my domain name is hosted. Can I run the command from a computer that resides outside of my company and then move the cert to my intranet server?
OK, I am still having an issue. I set up the TXT challenge record on Dotster.com. When I use mxtoolbox I can see the TXT record, but when I run the script it does not find it and returns "Preliminary validation failed: no TXT records found The correct record has not yet been found by the local resolver." Why can mxtoolbox see the record but WACS cannot?
"Preliminary validation" suggests that WACS is trying to resolve the TXT record itself before it'll instruct the LE validation server to validate it. This could be due to incorrect DNS settings in WACS perhaps?