403 error trying to create certificate #2549
Unanswered
Patzilla99
asked this question in
Q&A
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I am using for first time. getting 403 invalid message.
Here is verbose entry:
1: IIS Central Certificate Store (.pfx per host)
2: PEM encoded files (Apache, nginx, etc.)
3: PFX archive
4: Windows Certificate Store (Local Computer)
5: No (additional) store steps
How would you like to store the certificate?: 2
[VERB] No value provided for --pemfilespath
Description: .pem files are exported to this folder.
File path: c:\wacs\crt
[VERB] No value provided for --pemfilesname
[VERB] No value provided for --pempassword
Description: Password to set for the private key .pem file.
1: None
2: Type/paste in console
3: Search in vault
Choose from the menu: 1
[VERB] Autofac: creating PluginFrontend scope with parent target
[VERB] Autofac: creating PluginFrontend scope with parent target
[VERB] Autofac: creating PluginFrontend scope with parent target
[VERB] Autofac: creating PluginFrontend scope with parent target
[VERB] Autofac: creating PluginFrontend scope with parent target
1: IIS Central Certificate Store (.pfx per host)
2: PEM encoded files (Apache, nginx, etc.)
3: PFX archive
4: Windows Certificate Store (Local Computer)
5: No (additional) store steps
Would you like to store it in another way too?: 5
[VERB] Autofac: creating PluginFrontend scope with parent target
[VERB] Autofac: creating PluginFrontend scope with parent target
[VERB] Autofac: creating PluginFrontend scope with parent target
[WARN] Installation plugin IIS not available: No supported version of IIS detected.
With the certificate saved to the store(s) of your choice, you may choose one
or more steps to update your applications, e.g. to configure the new
thumbprint, or to update bindings.
1: Create or update bindings in IIS
2: Start external script or program
3: No (additional) installation steps
Which installation step should run first?: 3
[VERB] Constructing ACME protocol client...
[VERB] Getting service directory...
[DBUG] [HTTP] Send GET to https://acme-v02.api.letsencrypt.org/directory
[VERB] [HTTP] Request completed with status OK
[VERB] [HTTP] Response content: {
"DPfe_et4PcQ": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"renewalInfo": "https://acme-v02.api.letsencrypt.org/draft-ietf-acme-ari-02/renewalInfo/",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
[DBUG] Loading signer from C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Signer_v2
[DBUG] Loading account from C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Registration_v2
[VERB] Using existing ACME account
[DBUG] Using default account...
[VERB] Autofac: creating Execution scope with parent wacs
[VERB] Autofac: creating PluginBackend scope with parent Execution
[INFO] Plugin Manual generated source msp.the-computerman.com with 1 identifiers
[VERB] Autofac: creating Split scope with parent PluginBackend
[VERB] Autofac: creating PluginBackend scope with parent Split
[INFO] Plugin Single created 1 order
[VERB] Checking [Manual] msp.the-computerman.com
[VERB] Autofac: creating Order scope with parent PluginBackend
[VERB] Autofac: creating PluginBackend scope with parent order-main
[DBUG] Reading certificate cache
[DBUG] No cache files found for renewal
[VERB] Order Main should run (new/changed source)
[VERB] Obtain order details for Main
[DBUG] Refreshing cached order
[DBUG] Refreshing order...
[DBUG] [HTTP] Send HEAD to https://acme-v02.api.letsencrypt.org/acme/new-nonce
[VERB] [HTTP] Request completed with status OK
[VERB] [HTTP] Empty response
[DBUG] [HTTP] Send POST to https://acme-v02.api.letsencrypt.org/acme/order/1627240977/253908267217
[VERB] [HTTP] Request content: {"protected":"eyJhbGciOiJFUzI1NiIsInVybCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL29yZGVyLzE2MjcyNDA5NzcvMjUzOTA4MjY3MjE3Iiwibm9uY2UiOiJUVnFpTVBoZkZfNW9RQjNnQjNhOHdaVmpVOVBZdm1mWVA3UlFITTZEMmpXU0MtcDh0OVUiLCJraWQiOiJodHRwczovL2FjbWUtdjAyLmFwaS5sZXRzZW5jcnlwdC5vcmcvYWNtZS9hY2N0LzE2MjcyNDA5NzcifQ","payload":"","signature":"mfxdLBVVvhKVqaCEjXhmoRn8wKJVDYwi50OPYWDguyUjJLUn8bVnnoGzfyAJXADHqbUGkPhl-1THpMQUNrjbpA"}
[VERB] [HTTP] Request completed with status OK
[VERB] [HTTP] Response content: {
"status": "invalid",
"expires": "2024-03-27T13:31:12Z",
"identifiers": [
{
"type": "dns",
"value": "msp.the-computerman.com"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/328550621467"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1627240977/253908267217"
}
[WARN] Cached order has status invalid, discarding
[DBUG] Deleted C:\ProgramData\win-acme\acme-v02.api.letsencrypt.org\Orders\f10b01fa24a16537ca7a4eb562e05b47e79ec68b.order.json
[VERB] Creating order for identifiers: ["msp.the-computerman.com"] (notAfter: null)
[DBUG] [HTTP] Send POST to https://acme-v02.api.letsencrypt.org/acme/new-order
[VERB] [HTTP] Request content: {"protected":"eyJhbGciOiJFUzI1NiIsInVybCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL25ldy1vcmRlciIsIm5vbmNlIjoiVFZxaU1QaGZITGtMTm5zTndaVXZQaGh3dDJrc24wczl4ZFM5Tzdqa2gzLVF2RjVyaVc4Iiwia2lkIjoiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNjI3MjQwOTc3In0","payload":"eyJpZGVudGlmaWVycyI6W3sidHlwZSI6ImRucyIsInZhbHVlIjoibXNwLnRoZS1jb21wdXRlcm1hbi5jb20ifV19","signature":"HMsvPk5e3M7-oaazXSlKtWmYSKfjtpYeuxn6WBIMcGTxqSr1l5h2JkniJBLXiEzfXBb8fi68uNF4LgQWPs931w"}
[VERB] [HTTP] Request completed with status Created
[VERB] [HTTP] Response content: {
"status": "pending",
"expires": "2024-03-27T13:46:45Z",
"identifiers": [
{
"type": "dns",
"value": "msp.the-computerman.com"
}
],
"authorizations": [
"https://acme-v02.api.letsencrypt.org/acme/authz-v3/328554566967"
],
"finalize": "https://acme-v02.api.letsencrypt.org/acme/finalize/1627240977/253911047077"
}
[VERB] Order https://acme-v02.api.letsencrypt.org/acme/order/1627240977/253911047077 created
[DBUG] [HTTP] Send POST to https://acme-v02.api.letsencrypt.org/acme/authz-v3/328554566967
[VERB] [HTTP] Request content: {"protected":"eyJhbGciOiJFUzI1NiIsInVybCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMyODU1NDU2Njk2NyIsIm5vbmNlIjoiTzFnaUo0ZWZocjhWT00xQ0dLcWViWVQ4Z1RkWk5KTnBwVXlJU0lwaWFmSF9QckthYzVFIiwia2lkIjoiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNjI3MjQwOTc3In0","payload":"","signature":"0dKYricQyUEh1mKpJrMERS7yyuDNT5HCDgAZM4T-w9pwOT5foN9lFgagcIjYPfNMzqgQVDXFx6pCiPoYvTLPXQ"}
[VERB] [HTTP] Request completed with status OK
[VERB] [HTTP] Response content: {
"identifier": {
"type": "dns",
"value": "msp.the-computerman.com"
},
"status": "pending",
"expires": "2024-03-27T13:46:45Z",
"challenges": [
{
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/328554566967/dHvYpQ",
"token": "RPdQ9EJEhzxeoRVdciOFlRTa8Za31x5tg30xdim-0mY"
},
{
"type": "dns-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/328554566967/vLYFiA",
"token": "RPdQ9EJEhzxeoRVdciOFlRTa8Za31x5tg30xdim-0mY"
},
{
"type": "tls-alpn-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/328554566967/O2wmig",
"token": "RPdQ9EJEhzxeoRVdciOFlRTa8Za31x5tg30xdim-0mY"
}
]
}
[VERB] Autofac: creating Target scope with parent PluginBackend
[VERB] Autofac: creating PluginFrontend scope with parent target
[VERB] No W3SVC detected
[VERB] No FTPSVC detected
[VERB] Autofac: creating PluginBackend scope with parent PluginBackend
[VERB] Handle authorization 1/1
[VERB] Autofac: creating PluginBackend scope with parent PluginBackend
[INFO] [msp.the-computerman.com] Authorizing...
[VERB] [msp.the-computerman.com] Initial authorization status: pending
[VERB] [msp.the-computerman.com] Challenge types available: ["http-01", "dns-01", "tls-alpn-01"]
[VERB] [msp.the-computerman.com] Initial challenge status: pending
[INFO] [msp.the-computerman.com] Authorizing using http-01 validation (SelfHosting)
[VERB] Starting commit stage
[VERB] Commit was succesful
[DBUG] [msp.the-computerman.com] Submitting challenge answer
[DBUG] [HTTP] Send POST to https://acme-v02.api.letsencrypt.org/acme/chall-v3/328554566967/dHvYpQ
[VERB] [HTTP] Request content: {"protected":"eyJhbGciOiJFUzI1NiIsInVybCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzMyODU1NDU2Njk2Ny9kSHZZcFEiLCJub25jZSI6Ik8xZ2lKNGVmWFlVbDB0eG9hdnQzenZTUkI2VFRIVkdRVjhraWwxSGxkR3UxTGZDd3lTMCIsImtpZCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTYyNzI0MDk3NyJ9","payload":"e30","signature":"0O3yKS_0kTFBdRDwfT8WhzrEycNPAHwEwVwPIrRDMH7xGFzEael95QMOeTumDUwfw7SVQCGu6o4EimXqAN1mWg"}
[VERB] [HTTP] Request completed with status OK
[VERB] [HTTP] Response content: {
"type": "http-01",
"status": "pending",
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/328554566967/dHvYpQ",
"token": "RPdQ9EJEhzxeoRVdciOFlRTa8Za31x5tg30xdim-0mY"
}
[DBUG] Refreshing authorization (1/15)
[DBUG] [HTTP] Send POST to https://acme-v02.api.letsencrypt.org/acme/chall-v3/328554566967/dHvYpQ
[VERB] [HTTP] Request content: {"protected":"eyJhbGciOiJFUzI1NiIsInVybCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2NoYWxsLXYzLzMyODU1NDU2Njk2Ny9kSHZZcFEiLCJub25jZSI6Ik8xZ2lKNGVmWTc1M3hUa1d2YnFseEQ3ZUI3dV9PQjN6Tk1LSDVXcjZrbHFvWUFWTWNoOCIsImtpZCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2FjY3QvMTYyNzI0MDk3NyJ9","payload":"","signature":"z4SF10Xt61RRNL7EM60YSHTFHR7o49vhZMDjxhHTXQpP-Oz1jqG_oERAPoj5kUnpa0cqEFYhlNqO9L5NiF8iFg"}
[VERB] [HTTP] Request completed with status OK
[VERB] [HTTP] Response content: {
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "208.105.105.22: Invalid response from http://msp.the-computerman.com/.well-known/acme-challenge/RPdQ9EJEhzxeoRVdciOFlRTa8Za31x5tg30xdim-0mY: 403",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/328554566967/dHvYpQ",
"token": "RPdQ9EJEhzxeoRVdciOFlRTa8Za31x5tg30xdim-0mY",
"validationRecord": [
{
"url": "http://msp.the-computerman.com/.well-known/acme-challenge/RPdQ9EJEhzxeoRVdciOFlRTa8Za31x5tg30xdim-0mY",
"hostname": "msp.the-computerman.com",
"port": "80",
"addressesResolved": [
"208.105.105.22"
],
"addressUsed": "208.105.105.22",
"resolverAddrs": [
"A:10.1.12.82:28098",
"AAAA:10.1.12.89:26534"
]
}
],
"validated": "2024-03-20T13:46:46Z"
}
[EROR] [msp.the-computerman.com] Authorization result: invalid
[EROR] [msp.the-computerman.com] {"type":"urn:ietf:params:acme:error:unauthorized","detail":"208.105.105.22: Invalid response from http://msp.the-computerman.com/.well-known/acme-challenge/RPdQ9EJEhzxeoRVdciOFlRTa8Za31x5tg30xdim-0mY: 403","status":403,"instance":null}
[VERB] Starting post-validation cleanup
[VERB] Post-validation cleanup was succesful
[INFO] [msp.the-computerman.com] Deactivating pending authorization
[DBUG] [HTTP] Send POST to https://acme-v02.api.letsencrypt.org/acme/authz-v3/328554566967
[VERB] [HTTP] Request content: {"protected":"eyJhbGciOiJFUzI1NiIsInVybCI6Imh0dHBzOi8vYWNtZS12MDIuYXBpLmxldHNlbmNyeXB0Lm9yZy9hY21lL2F1dGh6LXYzLzMyODU1NDU2Njk2NyIsIm5vbmNlIjoiVFZxaU1QaGZQU3FsWENDMV95a2xMeWlYWDVlSjZzVlRQS3JyMnZtcFlIQnhSWmwtT1JrIiwia2lkIjoiaHR0cHM6Ly9hY21lLXYwMi5hcGkubGV0c2VuY3J5cHQub3JnL2FjbWUvYWNjdC8xNjI3MjQwOTc3In0","payload":"eyJzdGF0dXMiOiJkZWFjdGl2YXRlZCJ9","signature":"1njFgJSrLgCPnfKs167ydFgLzRjKcHfXhF_I9sAk_doRr2zTvtifN2_3BX5yMhQNazZ0GlNZ39yZx6t9u0JRKg"}
[VERB] [HTTP] Request completed with status OK
[VERB] [HTTP] Response content: {
"identifier": {
"type": "dns",
"value": "msp.the-computerman.com"
},
"status": "deactivated",
"expires": "2024-03-27T13:46:45Z",
"challenges": [
{
"type": "http-01",
"status": "invalid",
"error": {
"type": "urn:ietf:params:acme:error:unauthorized",
"detail": "208.105.105.22: Invalid response from http://msp.the-computerman.com/.well-known/acme-challenge/RPdQ9EJEhzxeoRVdciOFlRTa8Za31x5tg30xdim-0mY: 403",
"status": 403
},
"url": "https://acme-v02.api.letsencrypt.org/acme/chall-v3/328554566967/dHvYpQ",
"token": "RPdQ9EJEhzxeoRVdciOFlRTa8Za31x5tg30xdim-0mY",
"validationRecord": [
{
"url": "http://msp.the-computerman.com/.well-known/acme-challenge/RPdQ9EJEhzxeoRVdciOFlRTa8Za31x5tg30xdim-0mY",
"hostname": "msp.the-computerman.com",
"port": "80",
"addressesResolved": [
"208.105.105.22"
],
"addressUsed": "208.105.105.22",
"resolverAddrs": [
"A:10.1.12.82:28098",
"AAAA:10.1.12.89:26534"
]
}
],
"validated": "2024-03-20T13:46:46Z"
}
]
}
[VERB] Order 1/1 (Main): error Validation failed
[VERB] Processing order 1/1: Main
Create certificate failed, retry? (y/n*)
I am not sure what to correct on my side to fix this issue. address of server is 208.105.105.22
I have no idea what this is pointing to : "resolverAddrs": [ "A:10.1.12.82:28098", "AAAA:10.1.12.89:26534",
I have checked my DNS records and don't have any entries pointing to a 10.1.12 subnet.
any help is appreciated.
Beta Was this translation helpful? Give feedback.
All reactions