The Lets Encrypt ACME server was probably unable to reach

Help
1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: factorone.galileo.ba

I ran this command: Unable to reach http://factorone.galileo.ba/.well-known/acme-challenge/NmCIsDmzxPk2KeYIlHUXzJRWOBVxHghQfPEvLgLh4dE

It produced this output:

My web server is (include version): IIS 10

The operating system my web server runs on is (include version): Windows server 2016

My hosting provider, if applicable, is: hteronet.ba/

I can login to a root shell on my machine (yes or no, or I don’t know):I dont know

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): IIS 10

After 5 tryes now i get that I hit the limit.

Is there any option so i can delete limit of override it. my certificate will expire before limit time ends.
Thanks

2

Your certificate expires in 7 days. The failed validation rate limit is only 1 hour. Don't worry.

What command did you run? What software did you use to try to issue the certificate?

3

Thanks. I didn’t saw that expiration limit is 1 hour.
This is happened because i tried to renew certificate manually as always but i got error:
“The ACME server was probably unable to reach http://factorone.galileo.ba/.well-known/acme-challenge/XYZ” i can see challenge in folder but i cannot see it on http over browser. What can I do with this problem?
Last renewal before 3 months worked like a charm.

4

Working over Powershell as admininstrator.
C:\letsencrypt\letsencrypt-win-simple
letsencrypt.exe --san --centralsslstore C:\Central_SSL
and add my domain to get certificate and send it to %SystemDrive%\inetpub\wwwroot
After that i got:

"Which host do you want to get a certificate for: m
Enter a host name: factorone.galileo.ba
Enter all Alternative Names seperated by a comma factorone.galileo.ba
Enter a site path (the web root of the host for http authentication): %SystemDrive%\inetpub\wwwroot

Authorizing Identifier factorone.galileo.ba Using Challenge Type http-01
Writing challenge answer to C:\inetpub\wwwroot.well-known/acme-challenge/PT8WD49TuMyvPvjzT3CmEEVPcTKZn7CaBmBCwoBxgJM
Answer should now be browsable at http://factorone.galileo.ba/.well-known/acme-challenge/PT8WD49TuMyvPvjzT3CmEEVPcTKZn7CaBmBCwoBxgJM
Submitting answer
Refreshing authorization
Authorization Result: invalid

The ACME server was probably unable to reach http://factorone.galileo.ba/.well-known/acme-challenge/PT8WD49TuMyvPvjzT3CmEEVPcTKZn7CaBmBCwoBxgJM

Check in a browser to see if the answer file is being served correctly.

5

Hi @mjozo8

looks like you need an additional mime type, so that files without file-extension are send. Add something like

<configuration>
    <system.webServer>
        <staticContent>
            <mimeMap fileExtension="." mimeType="text/plain" />
        </staticContent>
    </system.webServer>
</configuration>

Create a file

/.well-known/acme-challenge/text

without extension and test, if you can load this with your browser.

6

Thanks very much JuergenAuer.
Its solve my problem.
This Help now can be closed.

7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.