Status 400 Error on renew


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: www.surestartplay.co.uk

I ran this command: Renew All (Using Lets Encrypt Win Simple 1.9.2)

It produced this output:

[INFO] Renewing certificate for www.surestartplay.co.uk
[INFO] Authorize identifier: www.surestartplay.co.uk
[INFO] Authorizing www.surestartplay.co.uk using http-01 validation (FileSystem
)
[INFO] Answer should now be browsable at http://www.surestartplay.co.uk/.well-k
nown/acme-challenge/dQnAA_6xKbuaX4kbqjqgz_oLXerCIHEhQcuupKsiNkE
[EROR] Authorization result: invalid
[EROR] ACME server reported:
[EROR] [type] urn:acme:error:connection
[EROR] [detail] Fetching http://www.surestartplay.co.uk/.well-known/acme-challe
nge/dQnAA_6xKbuaX4kbqjqgz_oLXerCIHEhQcuupKsiNkE: Timeout during connect (likely
firewall problem)
[EROR] [status] 400
[EROR] Renewal for www.surestartplay.co.uk failed, will retry on next run

My web server is (include version): Microsoft Its

The operating system my web server runs on is (include version): Windows Server R2 Datacenter

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The .well-known file is created in the web-root, and it is externally accessible:

http://www.surestartplay.co.uk/.well-known/acme-challenge/dQnAA_6xKbuaX4kbqjqgz_oLXerCIHEhQcuupKsiNkE

The firewall allows ports 80 and 443.

I have also tried running this with the firewall turned off, with the same result.

I have also disabled the requirement within IIS for HTTPS, so that it does not re-direct.

I have tried creating a new certificate, and renewing the current one with the same error result.


#2

Hi @rmtweb

I have http - timeouts (checked with https://check-your-website.server-daten.de/?q=surestartplay.co.uk ):

Domainname Http-Status redirect Sec. G
http://www.surestartplay.co.uk/
52.48.45.98 -14 10.030 T
Timeout - The operation has timed out
https://www.surestartplay.co.uk/
52.48.45.98 200 1.733 N
Certificate error: RemoteCertificateChainErrors
http://www.surestartplay.co.uk/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de
52.48.45.98 -14 10.027 T
Timeout - The operation has timed out

https works, but http is required to use http-01 - validation. And there is a timeout.

Perhaps share a screenshot of your bindings - settings.


#3

Both bindings are there, and using a web browser I can browse to the http version of the site using my web browser and have tried from multiple other servers, all with success.


#4

The http version is fully browsable, as shown.


#5

I don’t know what you have fixed, but thank you - it just renewed!


#6

Now it works - http + https (with the www-version) and the test under /.well-known/acme-challenge.


#7

I didn’t fix something. Now your server is online.


closed #8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.