Validation of the required challenges did not complete successfully

My domain is: jonrowlison.com and www.jonrowlison.com

I ran this command: [initial setup] in CertifyTheWeb

It produced this output: Validation of the required challenges did not complete successfully

My web server is (include version): IIS 10 (Windows Server 2019)

The operating system my web server runs on is (include version): Windows Server 2019

My hosting provider, if applicable, is: myself

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): CertifyTheWeb

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Certify SSL Manager - CLI v4.0.0. Certify.Core v4.1.8.0

I’m using CertifyTheWeb GUI which runs certbot on the back end. The process is supposed to be automated but it fails every single time I try to run it… always at the same place. Here is my log file:

2020-04-03 09:02:43.198 -05:00 [ERR] BeginCertificateOrder: error creating order. Retries remaining:1 :: Certes.AcmeRequestException: Fail to load resource from ‘https://acme-v02.api.letsencrypt.org/acme/new-order’.
urn:ietf:params:acme:error:badNonce: JWS has an invalid anti-replay nonce: “010275_b6hk3ByVCEfWt48qwec60blVvGcFfMYzOs-xDTEk”
at Certes.Acme.IAcmeHttpClientExtensions.d__0`1.MoveNext()
— End of stack trace from previous location where exception was thrown —
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Certes.AcmeContext.d__19.MoveNext()
— End of stack trace from previous location where exception was thrown —
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Certify.Providers.Certes.CertesACMEProvider.d__26.MoveNext()
2020-04-03 09:02:44.199 -05:00 [ERR] BeginCertificateOrder: creating/retrieving order. Retries remaining:0
2020-04-03 09:02:44.349 -05:00 [INF] Created ACME Order: https://acme-v02.api.letsencrypt.org/acme/order/81768465/2877619379
2020-04-03 09:02:44.451 -05:00 [INF] Fetching Authorizations.
2020-04-03 09:02:44.956 -05:00 [INF] Got http-01 challenge https://acme-v02.api.letsencrypt.org/acme/chall-v3/3655775185/MBL8fQ
2020-04-03 09:02:45.167 -05:00 [INF] Got dns-01 challenge https://acme-v02.api.letsencrypt.org/acme/chall-v3/3655775185/bhEJag
2020-04-03 09:02:45.567 -05:00 [INF] Got http-01 challenge https://acme-v02.api.letsencrypt.org/acme/chall-v3/3737392425/4vH1zw
2020-04-03 09:02:45.767 -05:00 [INF] Got dns-01 challenge https://acme-v02.api.letsencrypt.org/acme/chall-v3/3737392425/PRKzGw
2020-04-03 09:02:46.782 -05:00 [INF] Http Challenge Server process available.
2020-04-03 09:02:46.782 -05:00 [INF] Attempting Domain Validation: www.jonrowlison.com
2020-04-03 09:02:46.783 -05:00 [INF] Registering and Validating www.jonrowlison.com
2020-04-03 09:02:46.783 -05:00 [INF] Performing automated challenge responses (www.jonrowlison.com)
2020-04-03 09:02:46.783 -05:00 [INF] Preparing challenge response for Let’s Encrypt server to check at: http://www.jonrowlison.com/.well-known/acme-challenge/n6IO5yoxXgps47iM1APpOpNW4KK71fqClkWKg5jJxdU with content n6IO5yoxXgps47iM1APpOpNW4KK71fqClkWKg5jJxdU.dsZO9pFqqSJNI7eB6-WDQyAC58pzR2cCP2w-VynZZTo
2020-04-03 09:02:46.783 -05:00 [INF] If the challenge response file is not accessible at this exact URL the validation will fail and a certificate will not be issued.
2020-04-03 09:02:46.791 -05:00 [INF] Using website path C:\inetpub\sites\jonrowlison
2020-04-03 09:02:46.792 -05:00 [INF] Requesting Validation from Let’s Encrypt: www.jonrowlison.com
2020-04-03 09:02:46.793 -05:00 [INF] Http Challenge Server process available.
2020-04-03 09:02:46.793 -05:00 [INF] Attempting Domain Validation: jonrowlison.com
2020-04-03 09:02:46.793 -05:00 [INF] Registering and Validating jonrowlison.com
2020-04-03 09:02:46.793 -05:00 [INF] Performing automated challenge responses (jonrowlison.com)
2020-04-03 09:02:46.793 -05:00 [INF] Preparing challenge response for Let’s Encrypt server to check at: http://jonrowlison.com/.well-known/acme-challenge/83CgCKVTU1VjLppvD9FEQdI4vaUlQIaDJd6vFDltvpY with content 83CgCKVTU1VjLppvD9FEQdI4vaUlQIaDJd6vFDltvpY.dsZO9pFqqSJNI7eB6-WDQyAC58pzR2cCP2w-VynZZTo
2020-04-03 09:02:46.793 -05:00 [INF] If the challenge response file is not accessible at this exact URL the validation will fail and a certificate will not be issued.
2020-04-03 09:02:46.801 -05:00 [INF] Using website path C:\inetpub\sites\jonrowlison
2020-04-03 09:02:46.806 -05:00 [INF] Requesting Validation from Let’s Encrypt: jonrowlison.com
2020-04-03 09:02:46.806 -05:00 [INF] Attempting Challenge Response Validation for Domain: www.jonrowlison.com
2020-04-03 09:02:46.806 -05:00 [INF] Registering and Validating www.jonrowlison.com
2020-04-03 09:02:46.806 -05:00 [INF] Checking automated challenge response for Domain: www.jonrowlison.com
2020-04-03 09:02:57.423 -05:00 [INF] Fetching http://www.jonrowlison.com/.well-known/acme-challenge/n6IO5yoxXgps47iM1APpOpNW4KK71fqClkWKg5jJxdU: Timeout during connect (likely firewall problem)
2020-04-03 09:02:58.941 -05:00 [INF] Validation of the required challenges did not complete successfully. Fetching http://www.jonrowlison.com/.well-known/acme-challenge/n6IO5yoxXgps47iM1APpOpNW4KK71fqClkWKg5jJxdU: Timeout during connect (likely firewall problem)
2020-04-03 09:02:58.941 -05:00 [INF] Validation of the required challenges did not complete successfully. Fetching http://www.jonrowlison.com/.well-known/acme-challenge/n6IO5yoxXgps47iM1APpOpNW4KK71fqClkWKg5jJxdU: Timeout during connect (likely firewall problem)

It wouldn’t be a firewall problem or else the 20+ people who hit the site today wouldn’t be able to. What I am seeing is that the first file (in this case 83CgCKVTU1VjLppvD9FEQdI4vaUlQIaDJd6vFDltvpY) is being created, but the second file (in this case n6IO5yoxXgps47iM1APpOpNW4KK71fqClkWKg5jJxdU) never does. This is consistent behavior… the GUI is trying to fetch two differently-named random files but it only ever creates one of them.

Am I missing something obvious?

Jon
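To separate "the challenge file was never written" from "the file exists but cannot be reached from outside", the logged challenges can be checked against the web root on disk. This is an added example, not part of the original posts and not Certify's own code: the function names and the `example.com` sample log are constructed, and it assumes the file for each challenge sits at `<website path>\.well-known\acme-challenge\<token>`, matching the logged URL.

```python
import re
from pathlib import Path

THUMB = "t" * 43  # constructed stand-in for the account-key thumbprint
TOK_A, TOK_B = "constructedTokenA", "constructedTokenB"
# Constructed sample in the shape of the log lines above (example.com, not real data).
SAMPLE_LOG = rf"""
2020-01-01 00:00:00.000 -00:00 [INF] Preparing challenge response for Let's Encrypt server to check at: http://www.example.com/.well-known/acme-challenge/{TOK_A} with content {TOK_A}.{THUMB}
2020-01-01 00:00:00.008 -00:00 [INF] Using website path C:\inetpub\sites\example
2020-01-01 00:00:00.010 -00:00 [INF] Preparing challenge response for Let's Encrypt server to check at: http://example.com/.well-known/acme-challenge/{TOK_B} with content {TOK_B}.{THUMB}
2020-01-01 00:00:00.018 -00:00 [INF] Using website path C:\inetpub\sites\example
"""

PREP = re.compile(r"check at: http://(?P<host>[^/\s]+)/\.well-known/acme-challenge/"
                  r"(?P<token>[A-Za-z0-9_-]+) with content (?P<keyauth>\S+)")
WEBROOT = re.compile(r"Using website path (?P<root>.+?)\s*$")

def parse_challenges(log_text):
    """Return one dict per prepared http-01 response: host, token, keyauth, root."""
    found = []
    for line in log_text.splitlines():
        m = PREP.search(line)
        if m:
            found.append({**m.groupdict(), "root": None})
            continue
        m = WEBROOT.search(line)
        if m and found and found[-1]["root"] is None:
            found[-1]["root"] = m.group("root")  # path logged right after the challenge
    return found

def check_challenge(ch, root=None):
    """Classify one challenge against the files under the web root."""
    token, keyauth = ch["token"], ch["keyauth"]
    # RFC 8555: key authorization = token "." base64url(SHA-256 JWK thumbprint)
    prefix, _, thumb = keyauth.partition(".")
    if prefix != token or not re.fullmatch(r"[A-Za-z0-9_-]{43}", thumb):
        return "malformed-key-authorization"
    path = Path(root or ch["root"] or ".") / ".well-known" / "acme-challenge" / token
    if not path.is_file():
        return "file-missing"
    if path.read_text(encoding="ascii", errors="replace").strip() != keyauth:
        return "content-mismatch"  # e.g. an error page or rewritten response body
    return "ok"

def audit(log_text, root=None):
    """Map each hostname in the log to the state of its challenge file."""
    return {ch["host"]: check_challenge(ch, root) for ch in parse_challenges(log_text)}

if __name__ == "__main__":
    print(audit(SAMPLE_LOG, "."))
```

A result of `ok` for every hostname while the CA still reports a timeout means the files are in place and the failure lies on the network path to port 80, not in the client.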

Hi @JonRowlison

checking that file

http://www.jonrowlison.com/.well-known/acme-challenge/n6IO5yoxXgps47iM1APpOpNW4KK71fqClkWKg5jJxdU:

in my browser: There is no timeout, instead, there is a Runtime error of your .NET environment.

Server Error in '/.well-known/acme-challenge' Application.

So there is the wrong content.

Looks like you have changed something. Now it's not a timeout. Instead, it's the wrong content.

PS: Oh, what's that? Checking your domain via https://check-your-website.server-daten.de/?q=jonrowlison.com - there are only timeouts:

Domainname Http-Status redirect Sec. G
http://jonrowlison.com/ 76.17.245.225 -14 10.040 T
Timeout - The operation has timed out
http://www.jonrowlison.com/ 76.17.245.225 -14 10.040 T
Timeout - The operation has timed out
https://jonrowlison.com/ 76.17.245.225 -14 10.026 T
Timeout - The operation has timed out
https://www.jonrowlison.com/ 76.17.245.225 -14 10.036 T
Timeout - The operation has timed out
http://jonrowlison.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 76.17.245.225 -14 10.040 T
Timeout - The operation has timed out
Visible Content:
http://www.jonrowlison.com/.well-known/acme-challenge/check-your-website-dot-server-daten-dot-de 76.17.245.225 -14 10.030 T
Timeout - The operation has timed out

Looks like you have a firewall or something else that blocks online servers.

Browser -> yes
Online tools + Letsencrypt -> no.

That's wrong.
