Won't validate challenge with WinCertes


Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: navigationsports.com

I ran this command:
wincertes -s https://acme-v02.api.letsencrypt.org/directory -e erict@powersoft.ca -d navigationsports.com -b “NavigationSports” -w “c:\inetpub\wwwroot\navigationsports”

It produced this output:
Failed to register and validate order with CA: Could not validate challenge https://acme-v02.api.letsencrypt.org/acme/challenge/SsosCA7l-f_YVALld6Yj4CKvtkrgpwppiMYs4fPs87k/9048608666
Could not delete challenge file directory: The directory is not empty.

[The .well-known folder is not deleted, but it’s empty]

My web server is (include version):
IIS 10

The operating system my web server runs on is (include version):
Windows Server 2016 Datacenter

My hosting provider, if applicable, is:
Azure VM

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

Using fiddler4, I could see the last message sent to the CA is:
GET /acme/challenge/SsosCA7l-f_YVALld6Yj4CKvtkrgpwppiMYs4fPs87k/9048608666

The response from the CA is:
“type”: “http-01”,
“status”: “invalid”,
“error”: {
“type”: “urn:ietf:params:acme:error:unauthorized”,
“detail”: “Invalid response from http://navigationsports.com/.well-known/acme-challenge/o6kxLtjRcoILbibrxCNwQADhd_8topCAoP81HFxDKq0 []: 500”,
“status”: 403
“url”: “https://acme-v02.api.letsencrypt.org/acme/challenge/SsosCA7l-f_YVALld6Yj4CKvtkrgpwppiMYs4fPs87k/9048608666”,
“token”: “o6kxLtjRcoILbibrxCNwQADhd_8topCAoP81HFxDKq0”,
“validationRecord”: [
“url”: “http://navigationsports.com/.well-known/acme-challenge/o6kxLtjRcoILbibrxCNwQADhd_8topCAoP81HFxDKq0”,
“hostname”: “navigationsports.com”,
“port”: “80”,
“addressesResolved”: [
“addressUsed”: “”

I see the 500 and the 403 in the error section, but Fiddler does not report any statuses other than 200 OK. Please advise.


Hi @erict

do you have something like

            <mimeMap fileExtension="." mimeType="text/plain" />

in your configuration file to allow files without extension?

Put a new file in /.well-known/acme-challenge, file name 1234 without extension and try to load it via


to check if this file is sent.


Thanks for pointing out a mistake, I had fileExtension=".*", i.e. dot star, instead of plain dot. I’ve also changed the original application/octet-stream to text/plain. You can test the URL if you wish, the file is still there.
However, I get the same error on the command-line and fiddler shows the same 403 and 500 as I showed in the original post.


Your file


is correct, I can load it. I don’t use wincertes. Are there more debug-options or a better log?


There doesn’t seem to be. Can you recommend a ACME-V2 compatible windows client?


Check the list of clients.

There are different clients with different options. I’m using my own client (not published).


Switched client to win-acme. Works great. Thanks for your help.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.