I’m trying to request my first cert (www.jonrowlison.com / jonrowlison.com) and it always fails with the same error at the end of the log: Validation of the required challenges did not complete successfully
It looks like the GUI is attempting to fetch two files from /.well-known/acme-challenge but it is only creating one. The second one is fetchable, but the first one always generates a 404 error because the file doesn’t exist. It does this every time. I’m assuming that both files SHOULD be created by the GUI in the same directory, but it doesn’t and there’s no indication that it’s even trying to.
2020-04-03 17:33:37.612 -05:00 [INF] Certify/4.1.8.0 (Windows; Microsoft Windows NT 6.2.9200.0)
2020-04-03 17:33:37.612 -05:00 [INF] Beginning Certificate Request Process: jonrowlison using ACME Provider:Certes
2020-04-03 17:33:37.612 -05:00 [INF] Registering Domain Identifiers
2020-04-03 17:33:37.613 -05:00 [ERR] BeginCertificateOrder: creating/retrieving order. Retries remaining:2
2020-04-03 17:33:38.312 -05:00 [INF] Created ACME Order: https://acme-v02.api.letsencrypt.org/acme/order/81768465/2881532870
2020-04-03 17:33:38.425 -05:00 [INF] Fetching Authorizations.
2020-04-03 17:33:38.993 -05:00 [INF] Got http-01 challenge https://acme-v02.api.letsencrypt.org/acme/chall-v3/3738441053/NRoaAg
2020-04-03 17:33:39.217 -05:00 [INF] Got dns-01 challenge https://acme-v02.api.letsencrypt.org/acme/chall-v3/3738441053/2JYIGA
2020-04-03 17:33:39.668 -05:00 [INF] Got http-01 challenge https://acme-v02.api.letsencrypt.org/acme/chall-v3/3744379927/oRdojA
2020-04-03 17:33:39.904 -05:00 [INF] Got dns-01 challenge https://acme-v02.api.letsencrypt.org/acme/chall-v3/3744379927/ogyuzA
2020-04-03 17:33:41.021 -05:00 [INF] Http Challenge Server process available.
2020-04-03 17:33:41.021 -05:00 [INF] Attempting Domain Validation: jonrowlison.com
2020-04-03 17:33:41.021 -05:00 [INF] Registering and Validating jonrowlison.com
2020-04-03 17:33:41.021 -05:00 [INF] Performing automated challenge responses (jonrowlison.com)
2020-04-03 17:33:41.021 -05:00 [INF] Preparing challenge response for Let's Encrypt server to check at: http://jonrowlison.com/.well-known/acme-challenge/-EMtfRb7z6Y9KFbp22gc8kp-F_KfBCC8Bo5cMuLN7xA with content -EMtfRb7z6Y9KFbp22gc8kp-F_KfBCC8Bo5cMuLN7xA.dsZO9pFqqSJNI7eB6-WDQyAC58pzR2cCP2w-VynZZTo
2020-04-03 17:33:41.021 -05:00 [INF] If the challenge response file is not accessible at this exact URL the validation will fail and a certificate will not be issued.
2020-04-03 17:33:41.029 -05:00 [INF] Using website path C:\inetpub\sites\jonrowlison
2020-04-03 17:33:41.033 -05:00 [INF] Checking URL is accessible: http://jonrowlison.com/.well-known/acme-challenge/-EMtfRb7z6Y9KFbp22gc8kp-F_KfBCC8Bo5cMuLN7xA [proxyAPI: True, timeout: 5000ms]
2020-04-03 17:33:42.504 -05:00 [INF] URL is accessible. Check passed.
2020-04-03 17:33:42.504 -05:00 [INF] Requesting Validation from Let's Encrypt: jonrowlison.com
2020-04-03 17:33:42.505 -05:00 [INF] Http Challenge Server process available.
2020-04-03 17:33:42.505 -05:00 [INF] Attempting Domain Validation: www.jonrowlison.com
2020-04-03 17:33:42.505 -05:00 [INF] Registering and Validating www.jonrowlison.com
2020-04-03 17:33:42.505 -05:00 [INF] Performing automated challenge responses (www.jonrowlison.com)
2020-04-03 17:33:42.505 -05:00 [INF] Preparing challenge response for Let's Encrypt server to check at: http://www.jonrowlison.com/.well-known/acme-challenge/gWxxCeNRfDNjG5hgwnCqGbsCkWXCYJx5JusVxwXRIgQ with content gWxxCeNRfDNjG5hgwnCqGbsCkWXCYJx5JusVxwXRIgQ.dsZO9pFqqSJNI7eB6-WDQyAC58pzR2cCP2w-VynZZTo
2020-04-03 17:33:42.505 -05:00 [INF] If the challenge response file is not accessible at this exact URL the validation will fail and a certificate will not be issued.
2020-04-03 17:33:42.513 -05:00 [INF] Using website path C:\inetpub\sites\jonrowlison
2020-04-03 17:33:42.515 -05:00 [INF] Checking URL is accessible: http://www.jonrowlison.com/.well-known/acme-challenge/gWxxCeNRfDNjG5hgwnCqGbsCkWXCYJx5JusVxwXRIgQ [proxyAPI: True, timeout: 5000ms]
2020-04-03 17:33:43.714 -05:00 [INF] URL is accessible. Check passed.
2020-04-03 17:33:43.715 -05:00 [INF] Requesting Validation from Let's Encrypt: www.jonrowlison.com
2020-04-03 17:33:43.715 -05:00 [INF] Attempting Challenge Response Validation for Domain: jonrowlison.com
2020-04-03 17:33:43.715 -05:00 [INF] Registering and Validating jonrowlison.com
2020-04-03 17:33:43.715 -05:00 [INF] Checking automated challenge response for Domain: jonrowlison.com
2020-04-03 17:33:54.318 -05:00 [INF] Fetching http://jonrowlison.com/.well-known/acme-challenge/-EMtfRb7z6Y9KFbp22gc8kp-F_KfBCC8Bo5cMuLN7xA: Timeout during connect (likely firewall problem)
2020-04-03 17:33:55.821 -05:00 [INF] Validation of the required challenges did not complete successfully. Fetching http://jonrowlison.com/.well-known/acme-challenge/-EMtfRb7z6Y9KFbp22gc8kp-F_KfBCC8Bo5cMuLN7xA: Timeout during connect (likely firewall problem)
2020-04-03 17:33:55.821 -05:00 [INF] Validation of the required challenges did not complete successfully. Fetching http://jonrowlison.com/.well-known/acme-challenge/-EMtfRb7z6Y9KFbp22gc8kp-F_KfBCC8Bo5cMuLN7xA: Timeout during connect (likely firewall problem)
It seems to always create the fetch file for the 2nd URL but never the primary. If I only include the primary and never include a secondary in my cert request, it creates nothing and the whole thing fails.
Here’s the directory CertifyTheWeb is creating. Note it only ever creates one file and that one is successful in the logs. The other file (in this case -EMtfRb7z6Y9KFbp22gc8kp-F_KfBCC8Bo5cMuLN7xA is never created so it will always get a 404.) There shouldn’t be any firewall issues, despite the assertion in the log.
C:\inetpub\sites\jonrowlison\.well-known\acme-challenge>dir
Volume in drive C has no label.
Volume Serial Number is 448F-5CEE
Directory of C:\inetpub\sites\jonrowlison\.well-known\acme-challenge
04/03/2020 05:33 PM <DIR> .
04/03/2020 05:33 PM <DIR> ..
04/03/2020 11:02 AM 35 configcheck
04/03/2020 05:33 PM 87 gWxxCeNRfDNjG5hgwnCqGbsCkWXCYJx5JusVxwXRIgQ
2 File(s) 122 bytes