Unable to get SSL Certificate

saurabhseths · March 11, 2021, 8:19pm

I ran this command: certbot certonly --webroot --test
after running the above command, I've entered my domain name "login.saunitech.com" and then entered the webroot location on the server.

It produced this output:

Domain: login.saunitech.com
Type: unauthorized
Detail: Invalid response from
http://login.saunitech.com/.well-known/acme-challenge/f5kE76mo6fLF-c8ur8BloyAN2y8UG1fvbD-NqBYjkkA
[64.150.181.104]: "\r\n<html
xmlns="http"

To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.

Even though, I am able to see a file on below path
http://login.saunitech.com/.well-known/acme-challenge/1.txt
My web server is (include version):
Windows Server 2016 and IIS Version 10.0.14393.0

The operating system my web server runs on is (include version):
OS Name Microsoft Windows Server 2016 Standard

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know): NO

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): NO

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.13.0

JuergenAuer · March 11, 2021, 8:50pm

Hi @saurabhseths

a file name without extension is required.

Rename the file to 1234 and check, if that works.

saurabhseths · March 11, 2021, 10:47pm

Hi @JuergenAuer - you mean something like this (please see the screenshot attached)?

schoen · March 12, 2021, 6:44am

Yes, exactly! In fact, the server's behavior there suggests your IIS is configured to block serving files without extensions, which will interfere with certbot --webroot.

The 1.txt and 1234.txt files return the word "sas", while the 1234 file returns a server 404 error (even though you showed in your screenshot that it's located in the same place).

I'm not familiar with IIS, but there have been threads on this forum in the past about how to configure IIS to allow it to serve files with no extension. Alternatively, you could use a client application other than Certbot with more direct IIS integration.

JuergenAuer · March 12, 2021, 7:59am

A web.config must allow extensionless files.

Something like

<configuration>
	<system.webServer>
		<staticContent>
			<mimeMap fileExtension="." mimeType="text/plain" />
		</staticContent>
	</system.webServer>
</configuration>

If 1234.txt works, but 1234 not (and if both files exist, change your folder setup to see known file extensions, not only the icons), the reason is that missing configuration.

system · April 11, 2021, 8:00am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.