The first is that your IIS bindings don't seem quite right. Try visiting each link below - the second one gives the default IIS page. This will break the process.
Thank you for the reply. I fixed all the issues you have indicated, and re-executed the steps. However, the domain verification is still failing. Below is my latest execution code.
Note: The henrywebroot.well-know is actually not the error in my code. It is caused by this website letsencrypt.org’s text to html translation error. I just added the double \ to this html posting to take care of the problem.
C:\Users\Administrator>le64 -key account.key -csr mydomain.csr -csr-key mydomain.key -crt mydomain.crt -domains “www.friendly.cool,friendly.cool” -path “C:\inetpub\henrywebroot\.well-known\acme-chal
nge” -generate-missing -live
2019/06/26 21:28:55 [ ZeroSSL Crypt::LE client v0.32 started. ]
2019/06/26 21:28:55 Loading an account key from account.key
2019/06/26 21:28:55 Loading a CSR from mydomain.csr
2019/06/26 21:28:57 Registering the account key
2019/06/26 21:28:57 The key is already registered. ID: 60078796
2019/06/26 21:28:58 Successfully saved a challenge file ‘C:\inetpub\henrywebroot\.well-known\acme-challenge/iLm5OVFuH2gUy8E5bIdZEo2lv3Szgp2S7OG6nxJN0B4’ for domain ‘www.friendly.cool’
2019/06/26 21:28:58 Successfully saved a challenge file ‘C:\inetpub\henrywebroot\.well-known\acme-challenge/WYWnEfubtmyp5PactcJv2opHjjuvdDORrfM6bPpxfto’ for domain ‘friendly.cool’
2019/06/26 21:29:00 Domain verification results for ‘www.friendly.cool’: error. Invalid response from http://www.friendly.cool/.well-known/acme-challenge/iLm5OVFuH2gUy8E5bIdZEo2lv3Szgp2S7OG6nxJN0B4
08.6.59.126]: "\r\n<html xmlns=“http”
2019/06/26 21:29:00 You can now delete the ‘C:\inetpub\henrywebroot\.well-known\acme-challenge/iLm5OVFuH2gUy8E5bIdZEo2lv3Szgp2S7OG6nxJN0B4’ file.
2019/06/26 21:29:03 Domain verification results for ‘friendly.cool’: error. Invalid response from http://friendly.cool/.well-known/acme-challenge/WYWnEfubtmyp5PactcJv2opHjjuvdDORrfM6bPpxfto [108.6.5
126]: "\r\n<html xmlns=“http”
2019/06/26 21:29:03 You can now delete the ‘C:\inetpub\henrywebroot\.well-known\acme-challenge/WYWnEfubtmyp5PactcJv2opHjjuvdDORrfM6bPpxfto’ file.
2019/06/26 21:29:03 All verifications failed
You may need to add some custom IIS configuration to allow for extension-less files to be accessible. This is a common problem that IIS users run into.
For example, by creating a web.config file inside the acme-challenge directory with these contents:
Thank you so much for your help. I was able to successfully create the mydomain.crt, mydomain.key, mydomain.csr an account.key files. However, when I tried to use openssl to generate the .pfx file, I got the error below. Yes, this is more of an openssl question, but it is also related to SSL on ISS server. I hope you have the answer for this question.
As for the error you are seeing when attempting to convert with openssl, that might be due to the fact that by default the certificate file (mydomain.crt in your case) contains 2 certificates - for your domain and the intermediate one. Those can be stored separately (domain certificate to .crt file and intermediate to .ca file) if -legacy option is used. Alternatively you can just split that crt file leaving only your domain certificate in it - the answer given in ZeroSSL FAQ might apply to your case as well.