Dear community,
I want to issue an SSL certificate for an Intranet server which is only accessible from the internal network.
The domain name was changed to DOMAIN
The key was changed to KEY
The actual server IP was changed to IP
My domain is: an internal LAN server
I ran this command: see description above
It produced this output: see description above
My web server is (include version): IIS 10
The operating system my web server runs on is (include version): Windows Server 2019
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I used win-acme for issuing the certificate and it seemed to work out well, but then it came up with the following error:
[DBUG] Scanning IIS site bindings for hosts
[VERB] 1 named bindings found in IIS
[DBUG] Filtering by site(s) [3]
[VERB] 1 bindings remaining after site filter
[VERB] No host filter applied
[VERB] 1 matching binding found
[DBUG] Scanning IIS sites
[VERB] Checking [IIS] Intranet, (any host)
[VERB] Creating certificate order for hosts: [“DOMAIN”]
[VERB] Loading ACME account signer…
[DBUG] Loading signer from C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Signer_v2
[VERB] Constructing ACME protocol client…
[DBUG] Send GET request to https://acme-v02.api.letsencrypt.org/directory
[VERB] Request completed with status OK
[DBUG] Send HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce
[VERB] Request completed with status OK
[DBUG] Loading account information from C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Registration_v2
[DBUG] Send POST request to https://acme-v02.api.letsencrypt.org/acme/new-order
[VERB] Request completed with status Created
[VERB] Order https://acme-v02.api.letsencrypt.org/acme/order/81633384/2788681112 created
[VERB] Handle authorization 1/2
[DBUG] Send POST request to https://acme-v02.api.letsencrypt.org/acme/authz-v3/3580772584
[VERB] Request completed with status OK
[INFO] Authorize identifier: DOMAIN
[VERB] Challenge types available: [“http-01”, “dns-01”, “tls-alpn-01”]
[INFO] Authorizing DOMAIN using dns-01 validation (Manual)
Domain: DOMAIN
Record: _acme-challenge.DOMAIN
Type: TXT
Content: “KEY”
Note: Some DNS managers add quotes automatically. A single set
is needed.
Please press after you’ve created and verified the record
[VERB] Querying server IP about com
[DBUG] Querying name servers for com
[VERB] Querying IP for name server
[VERB] Name server IP 192… identified
[VERB] Querying IP for name server
[VERB] Name server IP 192…identified
[VERB] Querying IP for name server
[VERB] Name server IP 192… identified
[VERB] Querying IP for name server
[VERB] Name server IP 192… identified
[VERB] Querying IP for name server
[VERB] Name server IP 192… identified
[VERB] Querying IP for name server
[VERB] Name server IP 192… identified
[VERB] Querying IP for name server
[VERB] Name server IP 192… identified
[VERB] Querying IP for name server
[VERB] Name server IP 192… identified
[VERB] Querying IP for name server
[VERB] Name server IP 192…identified
[VERB] Querying IP for name server
[VERB] Name server IP 192… identified
[VERB] Querying IP for name server
[VERB] Name server IP 192… identified
[VERB] Querying IP for name server
[VERB] Name server IP 192… identified
[VERB] Querying IP for name server
[VERB] Name server IP 192… identified
[VERB] Querying server 192… about xxxxx.com
[DBUG] Querying name servers for xxxxx.com
[WARN] Unable to find or contact authoritative name servers for _acme-challenge.DOMAIN: No connection could be established to any of the following name servers: 192… (Udp: 512).
[DBUG] Preliminary validation will now check name server IP
[DBUG] Preliminary validation at IP looks good!
[DBUG] Preliminary validation will now check name server IP
[DBUG] Preliminary validation at IP looks good!
[DBUG] Preliminary validation will now check name server IP
[DBUG] Preliminary validation at IP looks good!
[INFO] Preliminary validation succeeded
[INFO] Answer should now be available at _acme-challenge.DOMAIN
[DBUG] Preliminary validation will now check name server IP
[DBUG] Preliminary validation at IP looks good!
[DBUG] Preliminary validation will now check name server IP
[DBUG] Preliminary validation at IP looks good!
[DBUG] Preliminary validation will now check name server IP
[DBUG] Preliminary validation at IP looks good!
[INFO] Preliminary validation succeeded
[DBUG] Submitting challenge answer
[DBUG] Send POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/3580772584/hPJSFQ
[VERB] Request completed with status BadRequest
[WARN] First chance error calling into ACME server, retrying with new nonce…
[DBUG] Send HEAD request to https://acme-v02.api.letsencrypt.org/acme/new-nonce
[VERB] Request completed with status OK
[DBUG] Send POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/3580772584/hPJSFQ
[VERB] Request completed with status OK
[DBUG] Refreshing authorization (1/5)
[DBUG] Send POST request to https://acme-v02.api.letsencrypt.org/acme/chall-v3/3580772584/hPJSFQ
[VERB] Request completed with status OK
[EROR] {
“type”: “urn:ietf:params:acme:error:dns”,
“detail”: “DNS problem: NXDOMAIN looking up TXT for _acme-challenge.DOMAIN - check that a DNS record exists for this domain”,
“status”: 400
}
[EROR] Authorization result: invalid
[VERB] Starting post-validation cleanup
Domain: DOMAIN
Record: _acme-challenge.DOMAIN
Type: TXT
Content: “KEY”
Thanks in advance for your help!
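
A triage sketch for the log above, added here as an example; it is not part of the original post and not win-acme code. It groups the log into entries, straightens the curly quotes that appear in the pasted ACME error JSON, and flags the case where the local pre-check passed but the CA's own lookup returned NXDOMAIN. The sample log is constructed from the post's lines with its placeholders kept, and the function names are hypothetical.

```python
import json
import re

# Constructed sample: lines modelled on the log in the post, placeholders kept.
SAMPLE_LOG = """\
[WARN] Unable to find or contact authoritative name servers for _acme-challenge.DOMAIN
[INFO] Preliminary validation succeeded
[EROR] {
\u201ctype\u201d: \u201curn:ietf:params:acme:error:dns\u201d,
\u201cdetail\u201d: \u201cDNS problem: NXDOMAIN looking up TXT for _acme-challenge.DOMAIN\u201d,
\u201cstatus\u201d: 400
}
[EROR] Authorization result: invalid
"""
DNS_ERROR = "urn:ietf:params:acme:error:dns"
LEVEL = re.compile(r"^\[(DBUG|VERB|INFO|WARN|EROR)\]\s?(.*)$")

def parse_entries(text):
    """Group lines into [level, message]; unprefixed lines continue the previous entry."""
    entries = []
    for line in text.splitlines():
        m = LEVEL.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif entries:
            entries[-1][1] += "\n" + line
    return entries

def acme_problem(message):
    """Return the ACME problem document carried by a log entry, or None."""
    straight = message.translate({0x201C: '"', 0x201D: '"'})  # curly -> straight quotes
    if not straight.lstrip().startswith("{"):
        return None
    try:
        return json.loads(straight)
    except json.JSONDecodeError:
        return None

def triage(text):
    entries = parse_entries(text)
    local_ok = any(l == "INFO" and "Preliminary validation succeeded" in m for l, m in entries)
    ns_warn = any(l == "WARN" and "authoritative name servers" in m for l, m in entries)
    problems = [acme_problem(m) for l, m in entries if l == "EROR"]
    nxdomain = any(p and p.get("type") == DNS_ERROR and "NXDOMAIN" in p.get("detail", "")
                   for p in problems)
    return {"local_precheck_passed": local_ok, "authoritative_ns_unreachable": ns_warn,
            "ca_saw_nxdomain": nxdomain,
            # Record seen where win-acme ran, but not by the CA's resolvers.
            "local_vs_ca_mismatch": local_ok and nxdomain}
```

A true `local_vs_ca_mismatch` means the TXT record resolved from where win-acme ran but not from the CA's side, so the next thing to check is whether the zone for DOMAIN is published in public DNS.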