New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Failed to register and validate order with CA #6

Open
brianedwards71 opened this Issue Oct 16, 2018 · 18 comments

Comments

Projects
None yet
5 participants
@brianedwards71

brianedwards71 commented Oct 16, 2018

Describe the bug
[DEBUG] Failed to register and validate order with CA: Could not validate challenge https://acme-v02.api.letsencrypt.org/acme/challenge/[challenge_removed]
Failed to register and validate order with CA: Could not validate challenge https://acme-v02.api.letsencrypt.org/acme/challenge/[challenge_removed]

To Reproduce
Steps to reproduce the behavior:

  1. Download the software
  2. Compile the software
  3. Execute software as described in Readme
  4. See error

Expected behavior
New SSL cert registered with LetsEncrypt and installed in IIS website

Screenshots or Logs
[DEBUG] Failed to register and validate order with CA: Could not validate challenge https://acme-v02.api.letsencrypt.org/acme/challenge/[challenge_removed]
Failed to register and validate order with CA: Could not validate challenge https://acme-v02.api.letsencrypt.org/acme/challenge/[challenge_removed]

Desktop (please complete the following information):

  • OS: Windows Server
  • Version: 2016 Datacenter

Additional context
Used command line "WinCertes.exe -e [my_email_address] -d [www.mywebsite.TLD] -b "[name_of_IIS_website_entry (NOT default site)]" -p" to produce [DEBUG] error specified

@LeonardoX77

This comment has been minimized.

LeonardoX77 commented Oct 29, 2018

+1, on Default Web Site

@erict-powersoft

This comment has been minimized.

erict-powersoft commented Nov 7, 2018

Same problem: see also https://community.letsencrypt.org/t/wont-validate-challenge-with-wincertes/76857
I wonder if the MSI is actually important? Is it downloadable somewhere?

@aloopkin

This comment has been minimized.

Owner

aloopkin commented Nov 28, 2018

There was a bug with latest versions of IIS, which was fixed in version 1.0.5.
Also, i provide now a Debug version MSI, along with the release one. Please use the Debug version to submit logs when there is an issue.

@pnamroud

This comment has been minimized.

pnamroud commented Dec 6, 2018

Hello @aloopkin,

I'm facing the same issue with version 1.0.5

LE community suggested to get in contact with the program owner.

Here is the command I issued: “C:\Program Files\WinCertes\WinCertes.exe” -e pnamroud@edi2xml.com -d demo.erpwizard.net -b “demo” -p

Here is the Error I'm getting:
2018-12-06 16:24:17.5151|ERROR|Failed to register and validate order with CA: ACME operation not supported.

@aloopkin

This comment has been minimized.

Owner

aloopkin commented Dec 6, 2018

can you try with the debug version please, and provide the logs.

@pnamroud

This comment has been minimized.

pnamroud commented Dec 6, 2018

@aloopkin
Here is what the debug version returned:

[DEBUG] PFX password will be: d5b1705d4ee04727
[DEBUG] Successfully registered account pnamroud@edi2xml.com with certificate au
thority https://acme-v02.api.letsencrypt.org/directory
Successfully registered account pnamroud@edi2xml.com with certificate authority
https://acme-v02.api.letsencrypt.org/directory
[DEBUG] Please check the ACME Service ToS at: https://letsencrypt.org/documents/
LE-SA-v1.2-November-15-2017.pdf
Please check the ACME Service ToS at: https://letsencrypt.org/documents/LE-SA-v1
.2-November-15-2017.pdf
[DEBUG] Current certificate expiration date is:
[DEBUG] Failed to register and validate order with CA: Could not validate challe
nge https://acme-v02.api.letsencrypt.org/acme/challenge/IYMvRhMFk2YrjUGvQKaz-6HD
LG39Bww8QSNzyCCWxYs/10033376155
Failed to register and validate order with CA: Could not validate challenge http
s://acme-v02.api.letsencrypt.org/acme/challenge/IYMvRhMFk2YrjUGvQKaz-6HDLG39Bww8
QSNzyCCWxYs/10033376155

Here is what I got from the log file
2018-12-06 17:19:17.9227|INFO|Successfully registered account pnamroud@edi2xml.com with certificate authority https://acme-v02.api.letsencrypt.org/directory
2018-12-06 17:19:17.9695|INFO|Please check the ACME Service ToS at: https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf
2018-12-06 17:19:22.0035|ERROR|Failed to register and validate order with CA: Could not validate challenge https://acme-v02.api.letsencrypt.org/acme/challenge/IYMvRhMFk2YrjUGvQKaz-6HDLG39Bww8QSNzyCCWxYs/10033376155

@aloopkin

This comment has been minimized.

Owner

aloopkin commented Dec 6, 2018

if you click on the latest link, you'll find more info: most probably, you need to specify the webroot of your website (listening on port 80 for name demo.erpwizard.net), using the "-w" switch.

@pnamroud

This comment has been minimized.

pnamroud commented Dec 7, 2018

Thank You @aloopkin
Added the -w switch and the command i sent is:
"C:\Program Files\WinCertes\WinCertes.exe" -e pnamroud@edi2xml.com -d demo.erpwizard.net -b "demo" -w "C:\projects\erpwizard\demo" -p
where c:\Projects\erpwizard\demo is the folder pointing to demo.erpwizard.net
The error is now different; Here is what I captured from the console screen:
[DEBUG] PFX password will be: 4cfd2c5745aa426c
[DEBUG] Current certificate expiration date is:
[DEBUG] Failed to register and validate order with CA: Could not validate challe
nge https://acme-v02.api.letsencrypt.org/acme/challenge/PBQar4z20XQYoLjD9PlwX6FR
w5VuwQ4GWC2xDZuHSoE/10055872503
Failed to register and validate order with CA: Could not validate challenge http
s://acme-v02.api.letsencrypt.org/acme/challenge/PBQar4z20XQYoLjD9PlwX6FRw5VuwQ4G
WC2xDZuHSoE/10055872503
[DEBUG] Could not delete challenge file directory: The directory is not empty.

Could not delete challenge file directory: The directory is not empty.

Here is what It logged in the log file:
2018-12-07 08:39:40.9391|ERROR|Failed to register and validate order with CA: Could not validate challenge https://acme-v02.api.letsencrypt.org/acme/challenge/PBQar4z20XQYoLjD9PlwX6FRw5VuwQ4GWC2xDZuHSoE/10055872503
2018-12-07 08:39:41.0015|WARN|Could not delete challenge file directory: The directory is not empty.

@aloopkin

This comment has been minimized.

Owner

aloopkin commented Dec 7, 2018

well, and what is in the directory? could it be a rights issue?

@pnamroud

This comment has been minimized.

pnamroud commented Dec 7, 2018

I am logged in as domain admin, so by default, i have full rights.
Anyhow, just added full control right to the domain admins, and retried.
I got this error:

[DEBUG] PFX password will be: 612f9602838b4cb8
[DEBUG] Current certificate expiration date is:
[DEBUG] Failed to register and validate order with CA: Fail to load resource fro
m 'https://acme-v02.api.letsencrypt.org/acme/new-order'.
urn:ietf:params:acme:error:rateLimited: Error creating new order :: too many fai
led authorizations recently: see https://letsencrypt.org/docs/rate-limits/
Failed to register and validate order with CA: Fail to load resource from 'https
://acme-v02.api.letsencrypt.org/acme/new-order'.
urn:ietf:params:acme:error:rateLimited: Error creating new order :: too many fai
led authorizations recently: see https://letsencrypt.org/docs/rate-limits/

@aloopkin

This comment has been minimized.

Owner

aloopkin commented Dec 7, 2018

please use the staging server while you test

@pnamroud

This comment has been minimized.

pnamroud commented Dec 7, 2018

OK.
Here is the new command:
"C:\Program Files\WinCertes\WinCertes.exe" -s https://acme-staging-v02.api.letsencrypt.org/directory -e pnamroud@edi2xml.com -d demo.erpwizard.net -b "demo" -w "C:\projects\erpwizard\demo" -p

Here is what I got:
[DEBUG] PFX password will be: f57d43384b0143c0
[DEBUG] Current certificate expiration date is:
[DEBUG] Failed to register and validate order with CA: One or more errors occurr
ed. - Fail to load resource from 'https://acme-staging-v02.api.letsencrypt.org/a
cme/new-acct'.
urn:ietf:params:acme:error:accountDoesNotExist: No account exists with the provi
ded key
Failed to register and validate order with CA: One or more errors occurred. - Fa
il to load resource from 'https://acme-staging-v02.api.letsencrypt.org/acme/new-
acct'.
urn:ietf:params:acme:error:accountDoesNotExist: No account exists with the provi
ded key

@aloopkin

This comment has been minimized.

Owner

aloopkin commented Dec 7, 2018

cleanup the registry entries in HKLM\Software\WinCertes

@pnamroud

This comment has been minimized.

pnamroud commented Dec 7, 2018

After cleaning up the registry:
[DEBUG] PFX password will be: f35f2273ee6149ac
[DEBUG] Successfully registered account pnamroud@edi2xml.com with certificate au
thority https://acme-staging-v02.api.letsencrypt.org/directory
Successfully registered account pnamroud@edi2xml.com with certificate authority
https://acme-staging-v02.api.letsencrypt.org/directory
[DEBUG] Please check the ACME Service ToS at: https://letsencrypt.org/documents/
LE-SA-v1.2-November-15-2017.pdf
Please check the ACME Service ToS at: https://letsencrypt.org/documents/LE-SA-v1
.2-November-15-2017.pdf
[DEBUG] Current certificate expiration date is:
[DEBUG] Failed to register and validate order with CA: Could not validate challe
nge https://acme-staging-v02.api.letsencrypt.org/acme/challenge/Txq3G5Vu8kVzWSeD
y_30p8IeMwoAE4buwn-QoyndNx4/206127906
Failed to register and validate order with CA: Could not validate challenge http
s://acme-staging-v02.api.letsencrypt.org/acme/challenge/Txq3G5Vu8kVzWSeDy_30p8Ie
MwoAE4buwn-QoyndNx4/206127906
[DEBUG] Could not delete challenge file directory: The directory is not empty.

Could not delete challenge file directory: The directory is not empty.

@aloopkin

This comment has been minimized.

Owner

aloopkin commented Dec 7, 2018

This is a permission issue. Look at http://demo.erpwizard.net/.well-known/

@pnamroud

This comment has been minimized.

pnamroud commented Dec 7, 2018

I am not sure it is the case...
I added a permission tfor any user full control. Cleared the registery and ran the command:
"C:\Program Files\WinCertes\WinCertes.exe" -s https://acme-staging-v02.api.letsencrypt.org/directory -e pnamroud@edi2xml.com -d demo.erpwizard.net -b "demo" -w "C:\projects\erpwizard\demo" -p

When running the command, I was seeing the folder deleted and recreated...so no permission issues

I still got this error:

[DEBUG] PFX password will be: 6c002b64152e4584
[DEBUG] Current certificate expiration date is:
[DEBUG] Failed to register and validate order with CA: Could not validate challe
nge https://acme-staging-v02.api.letsencrypt.org/acme/challenge/pW5N3NY40wnPx2qo
drl2SsKUdI2D6VLgPOV8BuF2Q2w/206130256
Failed to register and validate order with CA: Could not validate challenge http
s://acme-staging-v02.api.letsencrypt.org/acme/challenge/pW5N3NY40wnPx2qodrl2SsKU
dI2D6VLgPOV8BuF2Q2w/206130256

@aloopkin

This comment has been minimized.

Owner

aloopkin commented Dec 7, 2018

Please read the information available at the last URL. I think it's crystal clear, and you should be able to debug it yourself.

@pnamroud

This comment has been minimized.

pnamroud commented Dec 7, 2018

Thank You anyways for all your help @aloopkin

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment