The certificate order failed


I am trying to renew an SSL certificate for the domain www.macucotech.com using the HTTP Challenge. However, the process fails with the following error message:

Additionally, when testing directly with curl, I receive a 404 error, indicating that the validation file is not accessible.


Environment

  1. Server: Windows Server
  2. Web Server: IIS (Internet Information Services)
  3. Path configured in IIS: C:\Users\Administrator\Desktop\API
  4. Directory created for the challenge:
C:\Users\Administrator\Desktop\API\.well-known\acme-challenge

Test with CURL

Command:

curl -v http://www.macucotech.com/.well-known/acme-challenge/Test

Response:

HTTP/1.1 404 Not Found

Actions already taken

  1. Created the .well-known/acme-challenge directory in the path configured in IIS.
  2. Placed a test file (Test.txt) inside the mentioned folder.
  3. Tried to access the file directly via browser and curl, but I still get a 404 Not Found error.
  4. Confirmed that port 80 is open and being used by the IIS process.
  5. Verified that IIS is configured to serve the site associated with the domain www.macucotech.com.

Question

Why is the file .well-known/acme-challenge/kIvnoWyWGjvcPFZC3ZQLvwT-cYW39ZEQjxjHAOuT2a0 not being correctly served by IIS, even after configuring the directory in the physical site path? Is there any additional configuration required in IIS or for the domain?

The server that’s responding is an Apache server, not IIS.

curl -I http://www.macucotech.com/.well-known/acme-challenge/Test
HTTP/1.1 404 Not Found
Date: Sun, 08 Dec 2024 08:16:37 GMT
Server: Apache
Content-Type: text/html; charset=iso-8859-1

This means that our IIS integration and the app's own HTTP Challenge Listener process cannot be used to answer the HTTP challenge response.

If you need to use Apache as your web server on TCP port 80 then you will also need to use Apache to answer the http challenge response, by setting the website's htdocs path under Certificate > Authorization > [http-01] - Site Root Directory.

If you don’t want to use Apache to answer the http challenge, you would need to either disable Apache sites listening on port 80 or stop Apache altogether, and that will let our HTTP challenge response process answer challenges.
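
A way to check the reply's finding from the server itself, added here as an example and not part of either post or of the certificate app: it compares where DNS sends the domain, which local process owns the port 80 listener, and which Server header the public URL returns. It assumes a Windows server with the built-in DnsClient and NetTCPIP cmdlets and curl.exe on the path; the variable names are made up for this sketch.

```powershell
# Added diagnostic sketch (not from the thread). Run it on the Windows server.
$HostName = 'www.macucotech.com'   # domain from the question
$Probe    = "http://$HostName/.well-known/acme-challenge/Test"

# 1. Where does DNS (as seen by this machine's resolver) send the domain?
$dnsIps = @(Resolve-DnsName -Name $HostName -Type A -ErrorAction Stop |
    Where-Object { $_.IPAddress } | ForEach-Object { $_.IPAddress })

# 2. Which IPv4 addresses does this machine hold?
$localIps = @(Get-NetIPAddress -AddressFamily IPv4 | ForEach-Object { $_.IPAddress })

# 3. Which local process owns the port 80 listener?
#    PID 4 ("System") is HTTP.sys, the kernel listener that IIS uses.
$listeners = Get-NetTCPConnection -LocalPort 80 -State Listen -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty OwningProcess -Unique |
    ForEach-Object { Get-Process -Id $_ } |
    Select-Object Id, ProcessName

# 4. What answers the public URL? Same curl request as in the thread.
$headers = & curl.exe -s -I $Probe
$status  = $headers | Select-Object -First 1
$server  = ($headers | ForEach-Object {
    if ($_ -match '^Server:\s*(.+)$') { $Matches[1].Trim() }
}) -join ', '

# True when at least one DNS address is bound to a local interface.
$pointsHere = @($dnsIps | Where-Object { $localIps -contains $_ }).Count -gt 0

[pscustomobject]@{
    DnsAddresses  = $dnsIps -join ', '
    DnsPointsHere = $pointsHere
    Port80Owner   = ($listeners | ForEach-Object { "$($_.ProcessName) ($($_.Id))" }) -join ', '
    PublicStatus  = $status
    PublicServer  = $server
} | Format-List

# Reading the result: if PublicServer is Apache while Port80Owner is System (HTTP.sys),
# the validation request is not reaching this IIS instance, so files placed under the
# IIS site path will never be served for the challenge.
```

If the server sits behind NAT or a reverse proxy, DnsPointsHere is False even on the right machine; in that case compare DnsAddresses with the public address of the device in front of it.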