Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: testssc.nl
I ran this command: certbot certonly --manual --register-unsafely-without-email --eab-kid=*** --eab-hmac-key=*** --server "http://acme.digicert.com/v2/acme/directory/" -d testssc.nl
It produced this output: acme.errors.ClientError: <Response [407]>
My web server is (include version): Windows Server 2019/IIS
The operating system my web server runs on is (include version): Windows Server 2019
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 1.24.0
I receive an error on our internal proxy server: there is no user/password supplied. I notice certbot uses the proxy settings from Microsoft Edge. But there is no option for me to supply credentials. Does anyone know where I can add credentials with the proxy server?
@certbot-devs Currently, the Certbot documentation does not provide any information about using Certbot in combination with a proxy. Any thoughts here? Especially as I'm not sure if environment variables used by requests are working on Windows. Or how to do that anyway..
@rg305 It's true, but I really don’t want to do this because of office policy. If there is no way out, this is my only option, but I don’t know why you just can’t supply credentials.
@9peppe Thanks, will look into this other client. I’ve been using certbot because the CA supports this in their documentation. But maybe I can get win-acme working. Win-acme does offer proxy credentials in their documentation.
It should be possible to use a proxy with Certbot on Windows, but it's true that we don't have any documentation for it. We ideally should, but how to do it isn't a request that I see come up much.
...by default Requests relies on the proxy configuration defined by standard environment variables http_proxy, https_proxy, no_proxy and curl_ca_bundle. Uppercase variants of these variables are also supported. You can therefore set them to configure Requests (only set the ones relevant to your needs):
The command for setting the environment variables in these examples is for UNIX, but doing the equivalent thing in Windows batch/powershell should work.
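As an added example (not part of the original post and not from Certbot's documentation), this is one PowerShell equivalent of the environment-variable approach described above, with the variables set for the current process only and cleared afterwards. The proxy host, port and EAB placeholder values are assumptions, as is a proxy that accepts Basic authentication from credentials embedded in the proxy URL.

```powershell
# Hypothetical values: replace with your own proxy and EAB details.
$proxyHost = 'proxy.example.internal'   # assumed proxy host
$proxyPort = 8080                       # assumed proxy port
$eabKid    = 'EAB_KID_PLACEHOLDER'      # placeholder, as masked in the question
$eabHmac   = 'EAB_HMAC_PLACEHOLDER'     # placeholder, as masked in the question

# Prompt for the proxy account so the password is not stored in a script file.
$cred = Get-Credential -Message 'Proxy account'

# Percent-encode both parts: characters such as @ : / \ would otherwise
# be parsed as URL structure (a DOMAIN\user name contains a backslash).
$user = [uri]::EscapeDataString($cred.UserName)
$pass = [uri]::EscapeDataString($cred.GetNetworkCredential().Password)
$proxyUrl = "http://${user}:${pass}@${proxyHost}:${proxyPort}"

try {
    # $env: assignments are process-scoped. They are inherited by programs
    # started from this session, but are not written to the user or machine
    # environment, so other sessions and services do not see them.
    $env:HTTP_PROXY  = $proxyUrl
    $env:HTTPS_PROXY = $proxyUrl

    # Same command as in the question, run with the proxy variables in place.
    certbot certonly --manual --register-unsafely-without-email `
        "--eab-kid=$eabKid" "--eab-hmac-key=$eabHmac" `
        --server "http://acme.digicert.com/v2/acme/directory/" `
        -d testssc.nl
}
finally {
    # Remove the credentials from this session even if certbot fails.
    Remove-Item Env:HTTP_PROXY, Env:HTTPS_PROXY -ErrorAction SilentlyContinue
    Remove-Variable cred, user, pass, proxyUrl -ErrorAction SilentlyContinue
}
```

If the proxy only accepts NTLM or Kerberos, credentials in the URL will still produce a 407, and a dedicated proxy account with no other privileges limits what the URL exposes to anything that can read this session's environment.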
@DannyE Don't your Edge proxy settings already incorporate the username/password? Isn't it a little bit strange it would use the address data for the proxy from Edge, but not the username/password? How does Edge even manage username/passwords for proxies? So many unknowns for me
Thanks for mentioning Certify The Web but we actually don't officially support proxies because there are too many variables when it comes to extended things like scripted deployments etc. It is of course technically possible (I just don't want to debug people's proxy settings for them) and I think both win-acme and posh-acme have explicit proxy support. The best approach is to use a transparent proxy.
@Osiris Edge uses your Windows login credentials but certbot runs on local system.
@bmw thank you. I will try this and let you know. Have been fooling around with these settings but couldn’t get it working. But maybe with this little documentation I will.
[by simply issuing a SET command] Anything that can reach any command prompt can have your proxy_userid and proxy_password - which is likely an AD account with other privileges.
I don't know if I'll be able to sleep tonight - LOL