Status 400 Error on renew

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.surestartplay.co.uk

I ran this command: Renew All (Using Lets Encrypt Win Simple 1.9.2)

It produced this output:

[INFO] Renewing certificate for www.surestartplay.co.uk
[INFO] Authorize identifier: www.surestartplay.co.uk
[INFO] Authorizing www.surestartplay.co.uk using http-01 validation (FileSystem)
[INFO] Answer should now be browsable at http://www.surestartplay.co.uk/.well-known/acme-challenge/dQnAA_6xKbuaX4kbqjqgz_oLXerCIHEhQcuupKsiNkE
[EROR] Authorization result: invalid
[EROR] ACME server reported:
[EROR] [type] urn:acme:error:connection
[EROR] [detail] Fetching http://www.surestartplay.co.uk/.well-known/acme-challenge/dQnAA_6xKbuaX4kbqjqgz_oLXerCIHEhQcuupKsiNkE: Timeout during connect (likely firewall problem)
[EROR] [status] 400
[EROR] Renewal for www.surestartplay.co.uk failed, will retry on next run

My web server is (include version): Microsoft IIS

The operating system my web server runs on is (include version): Windows Server R2 Datacenter

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The .well-known file is created in the web-root, and it is externally accessible:

http://www.surestartplay.co.uk/.well-known/acme-challenge/dQnAA_6xKbuaX4kbqjqgz_oLXerCIHEhQcuupKsiNkE

The firewall allows ports 80 and 443.

I have also tried running this with the firewall turned off, with the same result.

I have also disabled the requirement within IIS for HTTPS, so that it does not re-direct.

I have tried creating a new certificate, and renewing the current one with the same error result.

Hi @rmtweb

I have http - timeouts (checked with surestartplay.co.uk - Make your website better - DNS, redirects, mixed content, certificates):

| Domainname | Http-Status | redirect | Sec. | G |
|---|---|---|---|---|
| http://www.surestartplay.co.uk/ (52.48.45.98) | -14 | | 10.030 | T |
| Timeout - The operation has timed out | | | | |
| https://www.surestartplay.co.uk/ (52.48.45.98) | 200 | | 1.733 | N |
| Certificate error: RemoteCertificateChainErrors | | | | |
| http://www.surestartplay.co.uk/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de (52.48.45.98) | -14 | | 10.027 | T |
| Timeout - The operation has timed out | | | | |

https works, but http is required to use http-01 - validation. And there is a timeout.

Perhaps share a screenshot of your bindings - settings.
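
A reachability check for the situation in this thread (HTTPS answering while the http-01 fetch over port 80 times out), as an added example that is not part of the original posts. The `probe` and `verdict` names and the placeholder host and path are assumptions; run it from a machine outside the server's network, because the ACME server connects from the public internet.

```python
import http.client
import socket
import ssl
from urllib.parse import urlsplit


def probe(url, timeout=10.0):
    """GET url once, without following redirects, and classify the outcome."""
    parts = urlsplit(url)
    cls = (http.client.HTTPSConnection if parts.scheme == "https"
           else http.client.HTTPConnection)
    conn = cls(parts.hostname, parts.port, timeout=timeout)
    try:
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        return {"result": "ok" if resp.status == 200 else "http_status",
                "status": resp.status,
                "location": resp.getheader("Location"),
                "body": resp.read(512)}
    except socket.timeout:
        # Same symptom as the ACME "Timeout during connect" in the log.
        return {"result": "timeout"}
    except ssl.SSLError as exc:
        # Port answers but the certificate or handshake fails.
        return {"result": "tls_error", "detail": str(exc)}
    except ConnectionRefusedError:
        return {"result": "refused"}
    except (OSError, http.client.HTTPException) as exc:
        return {"result": "error", "detail": str(exc)}
    finally:
        conn.close()


def verdict(http_res, https_res):
    """Summarise what the two probe results mean for http-01 validation."""
    h, s = http_res["result"], https_res["result"]
    if h == "ok":
        return "http-01 reachable: challenge path answers over HTTP"
    if h == "http_status":
        return "HTTP answers with status %s (Location: %s)" % (
            http_res["status"], http_res["location"])
    if s in ("ok", "tls_error", "http_status"):
        return "port 80 fails while 443 answers: check firewall and HTTP binding"
    return "no answer on either port: check DNS and that the server is online"


if __name__ == "__main__":
    base = "www.example.com/.well-known/acme-challenge/test.txt"  # placeholder
    print(verdict(probe("http://" + base), probe("https://" + base)))
```

A `timeout` on HTTP next to `tls_error` or `ok` on HTTPS reproduces the pattern in the table above: the host is up, but port 80 is not answering from that vantage point.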


Both bindings are there, and using a web browser I can browse to the http version of the site using my web browser and have tried from multiple other servers, all with success.

The http version is fully browsable, as shown.

I don’t know what you have fixed, but thank you - it just renewed!


Now it works - http + https (with the www-version) and the test under /.well-known/acme-challenge.

I didn't fix anything. Now your server is online.
