I seem to be running into an unexpected issue. I keep getting a failure with an invalid response error, yet the test process passes, files are being created, and they’re accessible from the outside. At first I had issues with the common 403 error, but I resolved that (extensionless files issue with IIS 10, which I solved by modifying the web.config file the software uses - the one it comes with doesn’t work for IIS 10). This is a Windows Server 2016 machine with Exchange 2016 installed. Here is the log file I get after trying to request a certificate:
2020-06-25 11:14:15.639 -07:00 [INF] ---- Beginning Request [Default Web Site] ----
2020-06-25 11:14:15.639 -07:00 [INF] Certify/5.0.12.0 (Windows; Microsoft Windows NT 10.0.14393.0)
2020-06-25 11:14:15.646 -07:00 [INF] Beginning Certificate Request Process: Default Web Site using ACME Provider:Certes
2020-06-25 11:14:15.646 -07:00 [INF] Requested domains to include on certificate: exchange.pcmlawco.com;autodiscover.pcmlawco.com
2020-06-25 11:14:15.646 -07:00 [INF] Beginning certificate order for requested domains
2020-06-25 11:14:15.646 -07:00 [INF] BeginCertificateOrder: creating/retrieving order. Retries remaining:2
2020-06-25 11:14:15.922 -07:00 [ERR] Certes.AcmeRequestException: Fail to load resource from 'https://acme-v02.api.letsencrypt.org/acme/new-order'.
urn:ietf:params:acme:error:badNonce: JWS has an invalid anti-replay nonce: "0001txDy-TgNyJdTgbmCAJR6NptcEmtfTlpUCgv49fR39aA"
at Certes.Acme.IAcmeHttpClientExtensions.<Post>d__0`1.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Certes.AcmeContext.<NewOrder>d__19.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Certify.Providers.ACME.Certes.CertesACMEProvider.<BeginCertificateOrder>d__30.MoveNext() in C:\Work\GIT\certify_5.0.x\certify\src\Certify.Providers\ACME\Certes\CertesACMEProvider.cs:line 566
2020-06-25 11:14:15.922 -07:00 [ERR] BeginCertificateOrder: error creating order. Retries remaining:1 :: JWS has an invalid anti-replay nonce: "0001txDy-TgNyJdTgbmCAJR6NptcEmtfTlpUCgv49fR39aA"
2020-06-25 11:14:16.934 -07:00 [INF] BeginCertificateOrder: creating/retrieving order. Retries remaining:0
2020-06-25 11:14:17.069 -07:00 [INF] Created ACME Order: https://acme-v02.api.letsencrypt.org/acme/order/89696326/3923462715
2020-06-25 11:14:17.172 -07:00 [INF] Fetching Authorizations.
2020-06-25 11:14:17.704 -07:00 [INF] Got http-01 challenge https://acme-v02.api.letsencrypt.org/acme/chall-v3/5463096406/Xt90bg
2020-06-25 11:14:17.916 -07:00 [INF] Got dns-01 challenge https://acme-v02.api.letsencrypt.org/acme/chall-v3/5463096406/nUMwlw
2020-06-25 11:14:18.334 -07:00 [INF] Got http-01 challenge https://acme-v02.api.letsencrypt.org/acme/chall-v3/5474039454/0H9gHw
2020-06-25 11:14:18.534 -07:00 [INF] Got dns-01 challenge https://acme-v02.api.letsencrypt.org/acme/chall-v3/5474039454/5zm48A
2020-06-25 11:14:19.556 -07:00 [INF] Http Challenge Server process available.
2020-06-25 11:14:19.557 -07:00 [INF] Attempting Domain Validation: exchange.pcmlawco.com
2020-06-25 11:14:19.557 -07:00 [INF] Registering and Validating exchange.pcmlawco.com
2020-06-25 11:14:19.557 -07:00 [INF] Performing automated challenge responses (exchange.pcmlawco.com)
2020-06-25 11:14:19.557 -07:00 [INF] Preparing challenge response for the issuing Certificate Authority to check at: http://exchange.pcmlawco.com/.well-known/acme-challenge/PBk16H9mYyDJhJ5FKuHPpQjl-1tU9Nc39oRtCa6bt8U with content PBk16H9mYyDJhJ5FKuHPpQjl-1tU9Nc39oRtCa6bt8U.gUciPCYus201IdA0yQyKdd99i22tsdGyDDB3k9cMxTw
2020-06-25 11:14:19.557 -07:00 [INF] If the challenge response file is not accessible at this exact URL the validation will fail and a certificate will not be issued.
2020-06-25 11:14:19.577 -07:00 [INF] Using website path C:\inetpub\wwwroot
2020-06-25 11:14:19.578 -07:00 [INF] Checking URL is accessible: http://exchange.pcmlawco.com/.well-known/acme-challenge/PBk16H9mYyDJhJ5FKuHPpQjl-1tU9Nc39oRtCa6bt8U [proxyAPI: True, timeout: 5000ms]
2020-06-25 11:14:20.498 -07:00 [INF] (proxy api) URL is not accessible. Result: [403] Resource not accessible, Timeout or Redirected
2020-06-25 11:14:20.498 -07:00 [INF] Checking URL is accessible: http://exchange.pcmlawco.com/.well-known/acme-challenge/PBk16H9mYyDJhJ5FKuHPpQjl-1tU9Nc39oRtCa6bt8U [proxyAPI: False, timeout: 5000ms]
2020-06-25 11:14:20.628 -07:00 [INF] (local check) URL is accessible. Check passed. HTTP OK
2020-06-25 11:14:20.628 -07:00 [INF] Requesting Validation: exchange.pcmlawco.com
2020-06-25 11:14:20.629 -07:00 [INF] Http Challenge Server process available.
2020-06-25 11:14:20.629 -07:00 [INF] Attempting Domain Validation: autodiscover.pcmlawco.com
2020-06-25 11:14:20.630 -07:00 [INF] Registering and Validating autodiscover.pcmlawco.com
2020-06-25 11:14:20.630 -07:00 [INF] Performing automated challenge responses (autodiscover.pcmlawco.com)
2020-06-25 11:14:20.630 -07:00 [INF] Preparing challenge response for the issuing Certificate Authority to check at: http://autodiscover.pcmlawco.com/.well-known/acme-challenge/U8ZtvcSJHZfB1uax7zbRyCEhk8nZXFbkcDMIaxjU4fE with content U8ZtvcSJHZfB1uax7zbRyCEhk8nZXFbkcDMIaxjU4fE.gUciPCYus201IdA0yQyKdd99i22tsdGyDDB3k9cMxTw
2020-06-25 11:14:20.630 -07:00 [INF] If the challenge response file is not accessible at this exact URL the validation will fail and a certificate will not be issued.
2020-06-25 11:14:20.648 -07:00 [INF] Using website path C:\inetpub\wwwroot
2020-06-25 11:14:20.650 -07:00 [INF] Checking URL is accessible: http://autodiscover.pcmlawco.com/.well-known/acme-challenge/U8ZtvcSJHZfB1uax7zbRyCEhk8nZXFbkcDMIaxjU4fE [proxyAPI: True, timeout: 5000ms]
2020-06-25 11:14:21.184 -07:00 [INF] (proxy api) URL is not accessible. Result: [403] Resource not accessible, Timeout or Redirected
2020-06-25 11:14:21.184 -07:00 [INF] Checking URL is accessible: http://autodiscover.pcmlawco.com/.well-known/acme-challenge/U8ZtvcSJHZfB1uax7zbRyCEhk8nZXFbkcDMIaxjU4fE [proxyAPI: False, timeout: 5000ms]
2020-06-25 11:14:21.186 -07:00 [INF] (local check) URL is accessible. Check passed. HTTP OK
2020-06-25 11:14:21.186 -07:00 [INF] Requesting Validation: autodiscover.pcmlawco.com
2020-06-25 11:14:21.193 -07:00 [INF] Attempting Challenge Response Validation for Domain: exchange.pcmlawco.com
2020-06-25 11:14:21.193 -07:00 [INF] Registering and Validating exchange.pcmlawco.com
2020-06-25 11:14:21.193 -07:00 [INF] Checking automated challenge response for Domain: exchange.pcmlawco.com
2020-06-25 11:14:21.356 -07:00 [WRN] Challenge response validation still pending. Re-checking [10]..
2020-06-25 11:14:22.962 -07:00 [INF] Invalid response from http://exchange.pcmlawco.com/.well-known/acme-challenge/PBk16H9mYyDJhJ5FKuHPpQjl-1tU9Nc39oRtCa6bt8U [184.68.12.218]: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\"><html><head><meta http-equiv=\"Expires\" content=\"-1\"><meta http-equ"
2020-06-25 11:14:24.066 -07:00 [INF] Validation of the required challenges did not complete successfully. Invalid response from http://exchange.pcmlawco.com/.well-known/acme-challenge/PBk16H9mYyDJhJ5FKuHPpQjl-1tU9Nc39oRtCa6bt8U [184.68.12.218]: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\"><html><head><meta http-equiv=\"Expires\" content=\"-1\"><meta http-equ"
2020-06-25 11:14:24.067 -07:00 [INF] Validation of the required challenges did not complete successfully. Invalid response from http://exchange.pcmlawco.com/.well-known/acme-challenge/PBk16H9mYyDJhJ5FKuHPpQjl-1tU9Nc39oRtCa6bt8U [184.68.12.218]: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\"><html><head><meta http-equiv=\"Expires\" content=\"-1\"><meta http-equ"
2020-06-25 11:14:24.067 -07:00 [INF] Validation of the required challenges did not complete successfully. Invalid response from http://exchange.pcmlawco.com/.well-known/acme-challenge/PBk16H9mYyDJhJ5FKuHPpQjl-1tU9Nc39oRtCa6bt8U [184.68.12.218]: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\"><html><head><meta http-equiv=\"Expires\" content=\"-1\"><meta http-equ"
There’s also a challenge request file left behind (it seems to delete one, but not both for my request), which is here:
http://exchange.pcmlawco.com/.well-known/acme-challenge/U8ZtvcSJHZfB1uax7zbRyCEhk8nZXFbkcDMIaxjU4fE
Any ideas? I’m completely stumped.
Thanks!
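Added example, not part of the original post and not Certify's own code: a small parser for the log format shown above that pairs each challenge URL with its expected content, the proxy (external) and local check results, and the CA's "Invalid response" detail, then flags the case where the local check passes while fetches from outside see something else. The sample log, host name, token and IP address are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample in the log format from the post; all values are placeholders.
SAMPLE_LOG = """\
2020-01-01 10:00:00.000 -07:00 [INF] Preparing challenge response for the issuing Certificate Authority to check at: http://mail.example.test/.well-known/acme-challenge/TOKEN123 with content TOKEN123.THUMBPRINT
2020-01-01 10:00:00.100 -07:00 [INF] Checking URL is accessible: http://mail.example.test/.well-known/acme-challenge/TOKEN123 [proxyAPI: True, timeout: 5000ms]
2020-01-01 10:00:00.900 -07:00 [INF] (proxy api) URL is not accessible. Result: [403] Resource not accessible, Timeout or Redirected
2020-01-01 10:00:01.000 -07:00 [INF] Checking URL is accessible: http://mail.example.test/.well-known/acme-challenge/TOKEN123 [proxyAPI: False, timeout: 5000ms]
2020-01-01 10:00:01.100 -07:00 [INF] (local check) URL is accessible. Check passed. HTTP OK
2020-01-01 10:00:03.000 -07:00 [INF] Invalid response from http://mail.example.test/.well-known/acme-challenge/TOKEN123 [203.0.113.10]: "<!DOCTYPE HTML PUBLIC ..."
"""

PREP = re.compile(r"check at: (\S+) with content (\S+)")
CHECK = re.compile(r"Checking URL is accessible: (\S+) \[proxyAPI:")
RESULT = re.compile(r"\((proxy api|local check)\) URL is (not accessible|accessible)")
INVALID = re.compile(r'Invalid response from (\S+) \[([^\]]+)\]: "(.*)"$')

def analyze(log_text):
    """Collect, per challenge URL, what was expected and what each check saw."""
    state = defaultdict(dict)
    current = None  # URL named by the most recent "Checking URL" line
    for line in log_text.splitlines():
        if m := PREP.search(line):
            state[m.group(1)]["expected"] = m.group(2)
        elif m := CHECK.search(line):
            current = m.group(1)
        elif (m := RESULT.search(line)) and current:
            key = "external_ok" if m.group(1) == "proxy api" else "local_ok"
            state[current][key] = m.group(2) == "accessible"
        elif m := INVALID.search(line):
            # The bracketed value is the address the CA's validator connected to.
            state[m.group(1)].update(ca_ip=m.group(2), ca_body=m.group(3))
    return dict(state)

def diagnose(info):
    """Return findings for one challenge URL's collected state."""
    findings = []
    if info.get("local_ok") and info.get("external_ok") is False:
        findings.append("split-view: local check passes, external check fails")
    body = info.get("ca_body")
    if body is not None and body.strip() != info.get("expected"):
        is_html = body.lstrip().lower().startswith(("<!doctype", "<html"))
        kind = "HTML page" if is_html else "unexpected body"
        findings.append(f"CA fetch via {info['ca_ip']} got {kind}, not the key authorization")
    return findings

if __name__ == "__main__":
    for url, info in analyze(SAMPLE_LOG).items():
        print(url, diagnose(info))
```

A split-view finding means the file on disk is fine and the difference lies in whatever answers requests arriving from outside at the logged address.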