Test is success but renewal failure

The renewal of an IIS site (subsite.mydomain.be) on my W2016 server started failing after some time… The test with the certify.UI and Letsdebug gives no errors, but a renewal of the certificate fails. The error gives an unauthorized error on the RDS site of the domain (on another server). I’m not an expert in this…

2020-11-24 09:22:39.381 +01:00 [INF] Checking URL is accessible: http://subsite.mydomain.be/.well-known/acme-challenge/lRlrZ-Z066qVrBVxLNL1AOqEsyXej3KK7vKvo2lXM-k [proxyAPI: True, timeout: 5000ms]

2020-11-24 09:22:44.106 +01:00 [INF] URL is accessible. Check passed.

2020-11-24 09:22:44.107 +01:00 [INF] Requesting Validation: mydomain.be

2020-11-24 09:22:44.133 +01:00 [INF] Attempting Challenge Response Validation for Domain: mydomain.be

2020-11-24 09:22:44.133 +01:00 [INF] Registering and Validating mydomain.be

2020-11-24 09:22:44.133 +01:00 [INF] Checking automated challenge response for Domain: mydomain.be

2020-11-24 09:22:51.908 +01:00 [INF] Invalid response from https://remote.mydomain.be/RDWeb/Pages/en-US/login.aspx?ReturnUrl=/RDWeb/Pages/en-US/Default.aspx: "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<?xml-stylesheet type=\"text/xsl\" href=\"../Site.xsl\"?>\r\n<?xml-stylesheet type=“text/css” "

Hi, so Certify has a built-in http challenge service which bypasses IIS, and if that is unavailable for some reason then the http validation request gets answered by IIS instead. If you then have a default redirection to a particular page then the /.well-known/acme-challenge/ requests may get redirected before they are answered. In your case it’s redirecting unauthenticated users to the login page.

Check you are on the latest version of Certify - that’s important so we can see if the challenge server is running or not in the logs. Also check if the http challenge server is enabled under Settings in the app; I’ve heard of at least one case recently where it wasn’t.

If you are already on the latest version and the request is still failing, you could try a reboot. Ensure that in the log file it says something along the lines of ‘http challenge service available’.

If you have purchased a license key you can log a helpdesk ticket by emailing support at certifytheweb.com with further details and your log file so we can help more.
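Added example, not part of the thread and not Certify's own code: a small log check that reports the two things visible in the log quoted in the question, namely that the failing response came from a URL outside /.well-known/acme-challenge/ (the redirect described in the reply) and that the host which passed the accessibility check is not the one being validated. The function name and the sample log (shortened from the quoted lines, token replaced by a placeholder) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: shortened from the log lines quoted in the thread.
SAMPLE_LOG = """\
2020-11-24 09:22:39.381 +01:00 [INF] Checking URL is accessible: http://subsite.mydomain.be/.well-known/acme-challenge/TOKEN [proxyAPI: True, timeout: 5000ms]
2020-11-24 09:22:44.106 +01:00 [INF] URL is accessible. Check passed.
2020-11-24 09:22:44.133 +01:00 [INF] Attempting Challenge Response Validation for Domain: mydomain.be
2020-11-24 09:22:51.908 +01:00 [INF] Invalid response from https://remote.mydomain.be/RDWeb/Pages/en-US/login.aspx?ReturnUrl=/RDWeb/Pages/en-US/Default.aspx: "<?xml version=..."
"""

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"
CHECKED = re.compile(r"Checking URL is accessible: (\S+)")
VALIDATING = re.compile(r"Attempting Challenge Response Validation for Domain: (\S+)")
INVALID = re.compile(r"Invalid response from (\S+?): ")


def diagnose(log_text):
    """Return findings about failed http-01 validations seen in a log."""
    findings, checked_hosts, domain = [], set(), None
    for line in log_text.splitlines():
        if m := CHECKED.search(line):
            # Host whose challenge URL was pre-checked for reachability.
            checked_hosts.add(urlsplit(m.group(1)).hostname)
        elif m := VALIDATING.search(line):
            domain = m.group(1).lower()
            if domain not in checked_hosts:
                findings.append(f"{domain}: no accessibility check for this host in log")
        elif m := INVALID.search(line):
            url = urlsplit(m.group(1))
            # A final URL outside the challenge path means the request was redirected.
            if not url.path.startswith(CHALLENGE_PREFIX):
                findings.append(f"{domain}: challenge redirected to {url.path}")
            if url.hostname != domain:
                findings.append(f"{domain}: response came from {url.hostname}")
    return findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG):
        print(finding)
```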