I have the issue on the renew of Let's encrypt domain.
I cannot renew the certificate using win-acme.
My domain is: sgrdgw.gerp.work
There are 2 certificates on the IIS somehow. The name of the certificates are same "sgrdgw.gerp.work"
The deadline of the one is 10th Oct 2022 but the other is 4th Oct 2022. The later one seems expired.
Previously we did renew both of them , using below cmd. For this time , we didn’t renew successfully.
It produced this output:
[INFO] Renewing certificate for [Manual] sgrdgw.gerp.work
[WARN] First chance error calling into ACME server, retrying with new nonce...
[INFO] Authorize identifier: sgrdgw.gerp.work
[INFO] Authorizing sgrdgw.gerp.work using http-01 validation (SelfHosting)
[EROR] Authorization timed out
[EROR] Renewal for [Manual] sgrdgw.gerp.work failed, will retry on next run
[INFO] Renewing certificate for [Manual] sgrdgw.gerp.work
[INFO] Authorize identifier: sgrdgw.gerp.work
[INFO] Authorizing sgrdgw.gerp.work using http-01 validation (SelfHosting)
[EROR] Authorization timed out
[EROR] Renewal for [Manual] sgrdgw.gerp.work failed, will retry on next run
My web server is (include version): IIS 10.0.14393.0
The operating system my web server runs on is (include version):WindowsServer-2016
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):win-acme.v2.0.5.246
It looks like just what the message says and you have some sort of firewall blocking access by the Let's Encrypt servers. They need to make HTTP requests to your server to satisfy the HTTP Challenge you are using.
The Let's Debug test site is often helpful. It reports the same problem about timeout
If you get a successful test on Let's Debug you should be able to get a certificate
Thank you for your note.
I'm looking at the firewall setting but it seems the connection is allowed to sgrdgw.gerp.work server via 80,443. Could you let me know from which IP should be accepted?