Status invalid when requesting certificate

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: xceed.be

I'm using challenge: C:\HCL\Domino\data\domino\html.well-known\acme-challenge\PUHiHjNS9KKylgghcH3OJcWnG8EUCB18cuMplVg6DnY

It produced this output: Order's status ("invalid") is not acceptable for finalization

My web server is (include version): HCL Domino V11.0.1FP1

The operating system my web server runs on is (include version): Windows Server 2016

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

1 Like

Hi @debisschopk

If you have that error message:

  • You use a buggy client (or)
  • You do some steps manually, but in the wrong order.

But there is no information about your ACME-client.

PS:

http://xceed.be/.well-known/acme-challenge/PUHiHjNS9KKylgghcH3OJcWnG8EUCB18cuMplVg6DnY

doesn't answer, so your order is invalid, so you can't do the next step. You are doing the next step -> that's your error message.

1 Like

Hi,

I'm not sure if there's any copy and paste issue, but the path needs to have a \ separating your html and .well-known.

1 Like

I was redirecting HTTP to HTTPS, that's why it didn't work

This doesn't make sense if you didn't allow any connection to port 80. If your clients are initiating connection from their end, they (as well as Let's Encrypt) will always try to connect to port 80 (http) first.

My test showed that your port 80 is filtered, and port 443 is actively listening for connections.
So if you wish to use HTTP-01 authorization, please allow traffic/connection to port 80. You can then make a blanket redirect to https.

1 Like

That's not the problem.

Your port 80 doesn't answer. So that redirect isn't visible.

Checking your domain, Let's Encrypt starts with port 80 (and may follow redirects) -> port 80 doesn't answer -> the challenge is invalid.

A working port 80 is required if you want to use http validation.

3 Likes
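
The check the replies above describe, written as a pre-flight probe to run before asking the CA to validate; this is an added example, not part of the original thread or of any ACME client. It always starts on port 80, follows redirects hop by hop, and reports the first hop that fails; the function names and the returned dictionary layout are assumptions made for this sketch.

```python
import http.client
import ssl
import sys
from urllib.parse import urljoin, urlsplit

REDIRECTS = (301, 302, 303, 307, 308)

def fetch(url, timeout=5):
    """One GET without following redirects: (status, Location, body)."""
    u = urlsplit(url)
    if u.scheme == "https":
        # HTTP-01 bootstraps a certificate, so a redirect target's
        # certificate is deliberately not verified in this probe.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        conn = http.client.HTTPSConnection(u.hostname, u.port or 443, timeout=timeout, context=ctx)
    else:
        conn = http.client.HTTPConnection(u.hostname, u.port or 80, timeout=timeout)
    try:
        conn.request("GET", (u.path or "/") + ("?" + u.query if u.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location"), resp.read(512).decode("ascii", "replace")
    finally:
        conn.close()

def check_http01(domain, token, fetch=fetch, max_redirects=5):
    """Walk the path of a validation request, always starting on port 80."""
    url = f"http://{domain}/.well-known/acme-challenge/{token}"
    hops = []
    for _ in range(max_redirects + 1):
        hops.append(url)
        try:
            status, location, body = fetch(url)
        except (OSError, http.client.HTTPException) as exc:
            # Refused, filtered (timeout) or DNS failure: later hops are never reached.
            return {"ok": False, "hops": hops, "reason": f"no answer from {url}: {exc}"}
        if status in REDIRECTS and location:
            url = urljoin(url, location)
            continue
        if status != 200:
            return {"ok": False, "hops": hops, "reason": f"HTTP {status} at {url}"}
        # The file body is the key authorization: "<token>.<account key thumbprint>".
        ok = body.strip().startswith(token + ".")
        return {"ok": ok, "hops": hops, "reason": "served" if ok else "body is not the key authorization"}
    return {"ok": False, "hops": hops, "reason": "too many redirects"}

if __name__ == "__main__":
    print(check_http01(sys.argv[1], sys.argv[2]))
```

Run it from a machine outside your own network, since a firewall that filters port 80 from the internet may still allow it from inside.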
