Why I have "Domain Verification Failed" error?

TonySSL · July 4, 2019, 3:06pm

Hi,

I am able to ping my domain with no packet loss. Also, I am able to access my domain through http from the public. So why I have “Domain Verification Failed” error below?

My domain is: www.weconnec.com
My web server is (include version): IIS 7.5
The operating system my web server runs on is (include version): Windows 7
My hosting provider, if applicable, is: myself
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): yes
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): I use Zerossl

I ran this command:

PS C:\Users\Administrator> openssl genrsa -out account.key 4096
Generating RSA private key, 4096 bit long modulus (2 primes)
…++++
…++++
e is 65537 (0x010001)
PS C:\Users\Administrator> openssl genrsa -out mydomain.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
…+++++
…+++++
e is 65537 (0x010001)
PS C:\Users\Administrator> openssl req -new -sha256 -key mydomain.key -out mydomain.csr -config san.cnf
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.

Country Name (NL) :US
State or Province Name (ZH) :NY
Locality Name (AADR) :HEWLETT
Organization Name (WGE) :WeConnec
Common Name (e.g. server FQDN) :www.weconnec.com
PS C:\Users\Administrator> le64 --key account.key --csr sslcert.csr --csr-key mydomain.key --crt mydomain.crt --domains “www.weconnec.com,weconnec.com” --path “C:\inetpub\henrywebroot\.well-known\acme-challenge” --generate-missing --unlink
2019/07/04 10:45:24 [ ZeroSSL Crypt::LE client v0.32 started. ]
2019/07/04 10:45:24 Loading an account key from account.key
2019/07/04 10:45:24 Loading a CSR from sslcert.csr
2019/07/04 10:45:26 Registering the account key
2019/07/04 10:45:26 The key is already registered. ID: 9865045
2019/07/04 10:45:26 Successfully saved a challenge file ‘C:\inetpub\henrywebroot\.well-known\acme-challenge/P-zMxnVMVy7kzGtUwa9hfWQPafPjqATc7o6M4RYu4qs’ for domain ‘www.weconnec.com’
2019/07/04 10:45:26 Successfully saved a challenge file ‘C:\inetpub\henrywebroot\.well-known\acme-challenge/QaCb9rPql4yisLQzBv1ZC8c_2deaUh0FQ6qvA1DGcLo’ for domain ‘weconnec.com’
2019/07/04 10:45:29 Domain verification results for ‘www.weconnec.com’: error. Invalid response from http://www.weconnec.com/.well-known/acme-challenge/P-zMxnVMVy7kzGtUwa9hfWQPafPjqATc7o6M4RYu4qs [108.6.59.126]: "\r\n<html xmlns=“http”
2019/07/04 10:45:29 Challenge file ‘C:\inetpub\henrywebroot\.well-known\acme-challenge/P-zMxnVMVy7kzGtUwa9hfWQPafPjqATc7o6M4RYu4qs’ has been deleted.
2019/07/04 10:45:31 Domain verification results for ‘weconnec.com’: error. Invalid response from http://weconnec.com/.well-known/acme-challenge/QaCb9rPql4yisLQzBv1ZC8c_2deaUh0FQ6qvA1DGcLo [108.6.59.126]: "\r\n<html xmlns=“http”
2019/07/04 10:45:31 Challenge file ‘C:\inetpub\henrywebroot\.well-known\acme-challenge/QaCb9rPql4yisLQzBv1ZC8c_2deaUh0FQ6qvA1DGcLo’ has been deleted.
2019/07/04 10:45:31 All verifications failed
PS C:\Users\Administrator>

danb35 · July 4, 2019, 3:30pm

Looks to me like you're missing a \ in the path--shouldn't it be --path “C:\inetpub\henrywebroot\.well-known\acme-challenge”?

TonySSL · July 4, 2019, 3:48pm

danb35,

No. It is because when I copied and pasted the text into letsencrypt.org the html code translates the “.” to a “.”. I just fixed the posting.

JuergenAuer · July 4, 2019, 3:50pm

Hi @TonySSL

seven days earlier you had the same question.

Is there a config file?

TonySSL · July 4, 2019, 3:52pm

Yes, but now those old issues have been fixed for this new certificate request for a different domain. So now I don’t know what are the new issues?

JuergenAuer · July 4, 2019, 3:54pm

Then first step: Create the two subdirectories yourRoot/.well-known/acme-challenge, there a test file (file name 1234 without extension), then try to load that file via browser.

http://weconnec.com/.well-known/acme-challenge/1234

TonySSL · July 4, 2019, 4:03pm

JuergenAuer,

You are absolutely correct! While upgrading my web.config from .net 3.5 to 4.0 I forgot to include the following code.

  <system.webServer>
    <staticContent>
        <mimeMap fileExtension="." mimeType="text/plain" />
    </staticContent>
</system.webServer>

system · August 3, 2019, 4:03pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.