Status 400 Error on renew


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command: Renew All (Using Lets Encrypt Win Simple 1.9.2)

It produced this output:

[INFO] Renewing certificate for
[INFO] Authorize identifier:
[INFO] Authorizing using http-01 validation (FileSystem
[INFO] Answer should now be browsable at
[EROR] Authorization result: invalid
[EROR] ACME server reported:
[EROR] [type] urn:acme:error:connection
[EROR] [detail] Fetching
nge/dQnAA_6xKbuaX4kbqjqgz_oLXerCIHEhQcuupKsiNkE: Timeout during connect (likely
firewall problem)
[EROR] [status] 400
[EROR] Renewal for failed, will retry on next run

My web server is (include version): Microsoft IIS

The operating system my web server runs on is (include version): Windows Server R2 Datacenter

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The .well-known file is created in the web-root, and it is externally accessible:

The firewall allows ports 80 and 443.

I have also tried running this with the firewall turned off, with the same result.

I have also disabled the requirement within IIS for HTTPS, so that it does not re-direct.

I have tried creating a new certificate, and renewing the current one with the same error result.


Hi @rmtweb

I have http - timeouts (checked with ):

Domainname Http-Status redirect Sec. G
-14 10.030 T
Timeout - The operation has timed out
200 1.733 N
Certificate error: RemoteCertificateChainErrors
-14 10.027 T
Timeout - The operation has timed out

https works, but http is required to use http-01 - validation. And there is a timeout.

Perhaps share a screenshot of your bindings - settings.
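
For triaging output like the renewal log in the first post, here is an added example (not part of the original posts and not code from the client's project) that pulls the ACME problem out of the `[EROR]` block, rejoins console-wrapped lines, and maps the problem type to a hint. The sample log is constructed, with `example.com` and `TOKEN` as placeholders, and the hint wording and function names are this example's own.

```python
import re

# Constructed sample in the shape of the output above; example.com and TOKEN
# stand in for the values that are missing from the post.
SAMPLE_LOG = """\
[INFO] Authorizing using http-01 validation (FileSystem)
[EROR] Authorization result: invalid
[EROR] ACME server reported:
[EROR] [type] urn:acme:error:connection
[EROR] [detail] Fetching http://example.com/.well-known/acme-challe
nge/TOKEN: Timeout during connect (likely
firewall problem)
[EROR] [status] 400
[EROR] Renewal for example.com failed, will retry on next run
"""

# Triage hints per ACME problem type (the wording is this example's own).
HINTS = {
    "urn:acme:error:connection": "CA could not connect on port 80; test plain http from outside the network",
    "urn:acme:error:unauthorized": "CA got a wrong challenge response; check web root and rewrites",
    "urn:acme:error:unknownHost": "CA could not resolve the name; check DNS records",
}

LINE = re.compile(r"^\[(?P<level>[A-Z]{4})\]\s?(?P<text>.*)$")
FIELD = re.compile(r"^\[(?P<key>type|detail|status)\]\s*(?P<value>.*)$")

def parse_acme_problem(log_text):
    """Return type, detail, status and hint from the [EROR] block, or None."""
    problem, last_key = {}, None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if m is None:
            # Console-wrapped continuation line: append to the previous field.
            if last_key and raw.strip():
                words = problem[last_key].split()
                # A wrap inside a URL splits mid-token, so rejoin without a space.
                in_url = bool(words) and words[-1].startswith(("http://", "https://"))
                problem[last_key] += ("" if in_url else " ") + raw.strip()
            continue
        f = FIELD.match(m["text"]) if m["level"] == "EROR" else None
        last_key = f["key"] if f else None
        if f:
            problem[last_key] = f["value"].strip()
    if "type" not in problem:
        return None
    status = problem.get("status", "")
    problem["status"] = int(status) if status.isdigit() else None
    problem["hint"] = HINTS.get(problem["type"], "unrecognized problem type")
    return problem

if __name__ == "__main__":
    print(parse_acme_problem(SAMPLE_LOG))
```

A `connection` problem means the CA's own fetch over plain http failed, so a page that loads in a local browser or over https does not rule it out.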


Both bindings are there, and using a web browser I can browse to the http version of the site using my web browser and have tried from multiple other servers, all with success.


The http version is fully browsable, as shown.


I don’t know what you have fixed, but thank you - it just renewed!


Now it works - http + https (with the www-version) and the test under /.well-known/acme-challenge.


I didn’t fix something. Now your server is online.
