Closed brianedwards71 closed 5 years ago
+1, on Default Web Site
Same problem: see also https://community.letsencrypt.org/t/wont-validate-challenge-with-wincertes/76857 I wonder if the MSI is actually important? Is it downloadable somewhere?
There was a bug with the latest versions of IIS, which was fixed in version 1.0.5. Also, I now provide a Debug version MSI, along with the release one. Please use the Debug version to submit logs when there is an issue.
Hello @aloopkin,
I'm facing the same issue with version 1.0.5
LE community suggested to get in contact with the program owner.
Here is the command I issued: "C:\Program Files\WinCertes\WinCertes.exe" -e pnamroud@edi2xml.com -d demo.erpwizard.net -b "demo" -p
Here is the Error I'm getting: 2018-12-06 16:24:17.5151|ERROR|Failed to register and validate order with CA: ACME operation not supported.
Can you try with the debug version please, and provide the logs?
@aloopkin Here is what the debug version returned:
[DEBUG] PFX password will be: d5b1705d4ee04727
[DEBUG] Successfully registered account pnamroud@edi2xml.com with certificate authority https://acme-v02.api.letsencrypt.org/directory
Successfully registered account pnamroud@edi2xml.com with certificate authority https://acme-v02.api.letsencrypt.org/directory
[DEBUG] Please check the ACME Service ToS at: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
Please check the ACME Service ToS at: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
[DEBUG] Current certificate expiration date is:
[DEBUG] Failed to register and validate order with CA: Could not validate challenge https://acme-v02.api.letsencrypt.org/acme/challenge/IYMvRhMFk2YrjUGvQKaz-6HDLG39Bww8QSNzyCCWxYs/10033376155
Failed to register and validate order with CA: Could not validate challenge https://acme-v02.api.letsencrypt.org/acme/challenge/IYMvRhMFk2YrjUGvQKaz-6HDLG39Bww8QSNzyCCWxYs/10033376155
Here is what I got from the log file:
2018-12-06 17:19:17.9227|INFO|Successfully registered account pnamroud@edi2xml.com with certificate authority https://acme-v02.api.letsencrypt.org/directory
2018-12-06 17:19:17.9695|INFO|Please check the ACME Service ToS at: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
2018-12-06 17:19:22.0035|ERROR|Failed to register and validate order with CA: Could not validate challenge https://acme-v02.api.letsencrypt.org/acme/challenge/IYMvRhMFk2YrjUGvQKaz-6HDLG39Bww8QSNzyCCWxYs/10033376155
If you click on the latest link, you'll find more info: most probably, you need to specify the webroot of your website (listening on port 80 for name demo.erpwizard.net), using the "-w" switch.
Thank you @aloopkin. I added the -w switch, and the command I sent is:
"C:\Program Files\WinCertes\WinCertes.exe" -e pnamroud@edi2xml.com -d demo.erpwizard.net -b "demo" -w "C:\projects\erpwizard\demo" -p
where c:\Projects\erpwizard\demo is the folder pointing to demo.erpwizard.net.
The error is now different. Here is what I captured from the console screen:
[DEBUG] PFX password will be: 4cfd2c5745aa426c
[DEBUG] Current certificate expiration date is:
[DEBUG] Failed to register and validate order with CA: Could not validate challenge https://acme-v02.api.letsencrypt.org/acme/challenge/PBQar4z20XQYoLjD9PlwX6FRw5VuwQ4GWC2xDZuHSoE/10055872503
Failed to register and validate order with CA: Could not validate challenge https://acme-v02.api.letsencrypt.org/acme/challenge/PBQar4z20XQYoLjD9PlwX6FRw5VuwQ4GWC2xDZuHSoE/10055872503
[DEBUG] Could not delete challenge file directory: The directory is not empty.
Could not delete challenge file directory: The directory is not empty.
Here is what it logged in the log file:
2018-12-07 08:39:40.9391|ERROR|Failed to register and validate order with CA: Could not validate challenge https://acme-v02.api.letsencrypt.org/acme/challenge/PBQar4z20XQYoLjD9PlwX6FRw5VuwQ4GWC2xDZuHSoE/10055872503
2018-12-07 08:39:41.0015|WARN|Could not delete challenge file directory: The directory is not empty.
Well, and what is in the directory? Could it be a rights issue?
I am logged in as domain admin, so by default, I have full rights. Anyhow, I just added full control rights to the domain admins, and retried. I got this error:
[DEBUG] PFX password will be: 612f9602838b4cb8
[DEBUG] Current certificate expiration date is:
[DEBUG] Failed to register and validate order with CA: Fail to load resource from 'https://acme-v02.api.letsencrypt.org/acme/new-order'.
urn:ietf:params:acme:error:rateLimited: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
Failed to register and validate order with CA: Fail to load resource from 'https://acme-v02.api.letsencrypt.org/acme/new-order'.
urn:ietf:params:acme:error:rateLimited: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/
Please use the staging server while you test.
OK. Here is the new command: "C:\Program Files\WinCertes\WinCertes.exe" -s https://acme-staging-v02.api.letsencrypt.org/directory -e pnamroud@edi2xml.com -d demo.erpwizard.net -b "demo" -w "C:\projects\erpwizard\demo" -p
Here is what I got:
[DEBUG] PFX password will be: f57d43384b0143c0
[DEBUG] Current certificate expiration date is:
[DEBUG] Failed to register and validate order with CA: One or more errors occurred. - Fail to load resource from 'https://acme-staging-v02.api.letsencrypt.org/acme/new-acct'.
urn:ietf:params:acme:error:accountDoesNotExist: No account exists with the provided key
Failed to register and validate order with CA: One or more errors occurred. - Fail to load resource from 'https://acme-staging-v02.api.letsencrypt.org/acme/new-acct'.
urn:ietf:params:acme:error:accountDoesNotExist: No account exists with the provided key
Clean up the registry entries in HKLM\Software\WinCertes
After cleaning up the registry:
[DEBUG] PFX password will be: f35f2273ee6149ac
[DEBUG] Successfully registered account pnamroud@edi2xml.com with certificate authority https://acme-staging-v02.api.letsencrypt.org/directory
Successfully registered account pnamroud@edi2xml.com with certificate authority https://acme-staging-v02.api.letsencrypt.org/directory
[DEBUG] Please check the ACME Service ToS at: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
Please check the ACME Service ToS at: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
[DEBUG] Current certificate expiration date is:
[DEBUG] Failed to register and validate order with CA: Could not validate challenge https://acme-staging-v02.api.letsencrypt.org/acme/challenge/Txq3G5Vu8kVzWSeDy_30p8IeMwoAE4buwn-QoyndNx4/206127906
Failed to register and validate order with CA: Could not validate challenge https://acme-staging-v02.api.letsencrypt.org/acme/challenge/Txq3G5Vu8kVzWSeDy_30p8IeMwoAE4buwn-QoyndNx4/206127906
[DEBUG] Could not delete challenge file directory: The directory is not empty.
Could not delete challenge file directory: The directory is not empty.
This is a permission issue. Look at http://demo.erpwizard.net/.well-known/
I am not sure it is the case... I added a permission for any user, full control. Cleared the registry and ran the command: "C:\Program Files\WinCertes\WinCertes.exe" -s https://acme-staging-v02.api.letsencrypt.org/directory -e pnamroud@edi2xml.com -d demo.erpwizard.net -b "demo" -w "C:\projects\erpwizard\demo" -p
When running the command, I was seeing the folder deleted and recreated... so no permission issues.
I still got this error:
[DEBUG] PFX password will be: 6c002b64152e4584
[DEBUG] Current certificate expiration date is:
[DEBUG] Failed to register and validate order with CA: Could not validate challenge https://acme-staging-v02.api.letsencrypt.org/acme/challenge/pW5N3NY40wnPx2qodrl2SsKUdI2D6VLgPOV8BuF2Q2w/206130256
Failed to register and validate order with CA: Could not validate challenge https://acme-staging-v02.api.letsencrypt.org/acme/challenge/pW5N3NY40wnPx2qodrl2SsKUdI2D6VLgPOV8BuF2Q2w/206130256
Please read the information available at the last URL. I think it's crystal clear, and you should be able to debug it yourself.
Thank You anyways for all your help @aloopkin
This is a permission issue. Look at http://demo.erpwizard.net/.well-known/
It is not a permission issue, it is because the .well-known directory was not empty. I added a suggested fix to this bug: https://github.com/aloopkin/WinCertes/issues/11
@anibal-acosta it was a permission issue at the time.
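The two causes discussed in this thread (the `-w` webroot not matching the site that answers on port 80, and rights on the `.well-known` folder) can be checked without spending CA validation attempts. The following PowerShell pre-flight check is an added example, not WinCertes code and not from any participant; the function name `Test-Http01Path` and the probe file are hypothetical, and the defaults are the webroot and host name quoted above.

```powershell
# Added example, not WinCertes code. Defaults are the webroot and host name
# from this thread; the probe file name and content are constructed here.
param(
    [string]$WebRoot  = 'C:\projects\erpwizard\demo',
    [string]$HostName = 'demo.erpwizard.net'
)

function Test-Http01Path {
    param([string]$WebRoot, [string]$HostName)

    $wk     = Join-Path $WebRoot '.well-known'
    $dir    = Join-Path $wk 'acme-challenge'
    $name   = 'probe-' + [guid]::NewGuid().ToString('N')   # no extension, like a token file
    $file   = Join-Path $dir $name
    $body   = 'http01-probe-' + [guid]::NewGuid().ToString('N')
    $result = [ordered]@{ Written = $false; Served = $false; Detail = '' }
    # Remember which folders did not exist, so only those are removed afterwards.
    $created = @(@($dir, $wk) | Where-Object { -not (Test-Path -LiteralPath $_) })

    try {
        # Step 1: can this account create the challenge folder and file?
        New-Item -ItemType Directory -Path $dir -Force -ErrorAction Stop | Out-Null
        [System.IO.File]::WriteAllText($file, $body)
        $result.Written = $true

        # Step 2: does the site answering on port 80 return the same content?
        $url  = "http://$HostName/.well-known/acme-challenge/$name"
        $resp = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 15 -ErrorAction Stop
        $text = $resp.Content
        if ($text -is [byte[]]) { $text = [System.Text.Encoding]::UTF8.GetString($text) }
        $result.Served = ($text.Trim() -eq $body)
        if (-not $result.Served) { $result.Detail = "HTTP $($resp.StatusCode), but the body differs" }
    }
    catch {
        # Write errors point at NTFS rights; HTTP errors at webroot, binding or server config.
        $result.Detail = $_.Exception.Message
    }
    finally {
        Remove-Item -LiteralPath $file -Force -ErrorAction SilentlyContinue
        # Directory.Delete throws on a non-empty folder, so nothing else is ever removed.
        foreach ($d in $created) { try { [System.IO.Directory]::Delete($d) } catch { } }
    }
    [pscustomobject]$result
}

Test-Http01Path -WebRoot $WebRoot -HostName $HostName
```

A pass only shows that the local path works; the CA fetches the challenge file from the internet, so DNS and inbound port 80 must still lead to this server.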
Describe the bug
[DEBUG] Failed to register and validate order with CA: Could not validate challenge https://acme-v02.api.letsencrypt.org/acme/challenge/[challenge_removed]
Failed to register and validate order with CA: Could not validate challenge https://acme-v02.api.letsencrypt.org/acme/challenge/[challenge_removed]

To Reproduce
Steps to reproduce the behavior:

Expected behavior
New SSL cert registered with LetsEncrypt and installed in IIS website

Screenshots or Logs
[DEBUG] Failed to register and validate order with CA: Could not validate challenge https://acme-v02.api.letsencrypt.org/acme/challenge/[challenge_removed]
Failed to register and validate order with CA: Could not validate challenge https://acme-v02.api.letsencrypt.org/acme/challenge/[challenge_removed]

Desktop (please complete the following information):

Additional context
Used command line "WinCertes.exe -e [my_email_address] -d [www.mywebsite.TLD] -b "[name_of_IIS_website_entry (NOT default site)]" -p" to produce [DEBUG] error specified