Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:test.missionassist.org.uk
I ran this command: certbot certonly --webroot --test-cert --debug-challenges -w “c:\inetpub\wwwroot”
It produced this output:
Domain: test.missionassist.org.uk
Type: unauthorized
Detail: Invalid response from
http://test.missionassist.org.uk/.well-known/acme-challenge/vrA117AaGVnJP234f5wVSWlmuNf1t0GzUFAvIx0ddEE
[51.104.239.1]: "\r\n<html
xmlns=“http”
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A/AAAA record(s) for that domain
contain(s) the right IP address.
My web server is (include version): IIS on Windows Server 2019
The operating system my web server runs on is (include version): Windows Server 2019
My hosting provider, if applicable, is:
N/A - the server runs under Azure.
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
IIS Manager under Windows Server 2019
The version of my client is (e.g. output of certbot --version
or certbot-auto --version
if you’re using Certbot): certbot 1.7.0
I have tried various things, but to no avail. --standalone fails with a timeout despite getting a quick response from a web browser running on the local machine. Let’s Debug summary shows:
All OK!
OK
No issues were found with test.missionassist.org.uk. If you are having problems with creating an SSL certificate, please visit the Let’s Encrypt Community forums and post a question there.,
However, the verbose information shows things like:
Request to: test.missionassist.org.uk/51.104.239.1, Result: [Address=51.104.239.1,Address Type=IPv4,Server=Microsoft-IIS/10.0,HTTP Status=404], Issue:
Trace:
@0ms: Making a request to http://test.missionassist.org.uk/.well-known/acme-challenge/letsdebug-test (using initial IP 51.104.239.1)
@0ms: Dialing 51.104.239.1
So, what configuration do I need for IIS to work with certbot?