NetTalk Central

Topic: Unable to get certificate - Challenge was invalid error

jari@softmade.fi

Unable to get certificate - Challenge was invalid error
« on: January 16, 2018, 02:07:53 AM »
Hello

I got an error while trying to get a certificate.
In my certificate folder I don't have the www.netkyyti.fi.crt file, so is that the reason?

Jari


[ 1/16/18-12:04:42]  Unable to get certificate - Challenge was invalid
[ 1/16/18-12:04:42]  Status: "invalid"
[ 1/16/18-12:04:42]  Checking Status
[ 1/16/18-12:04:37]  Status: "pending"
[ 1/16/18-12:04:37]  Checking Status
[ 1/16/18-12:04:36]  Notify Server Challenge is Ready
[ 1/16/18-12:04:36]  LE Server will now fetch http://www.netkyyti.fi:80/.well-known/acme-challenge/C4cGfKJruOS11cSL8GxL5g97nzgY3B-EWqSKuKgPBH0
[ 1/16/18-12:04:36]  Challenge Token Saved C:\Netkyyti\web\.well-known\acme-challenge\C4cGfKJruOS11cSL8GxL5g97nzgY3B-EWqSKuKgPBH0
[ 1/16/18-12:04:36]  Authorize Request www.netkyyti.fi
[ 1/16/18-12:04:35]  Registering Account softmade at  https://acme-v01.api.letsencrypt.org/acme/new-reg
[ 1/16/18-12:04:34]  C:\Netkyyti\certificates\www.netkyyti.fi.crt does not exist
[ 1/16/18-12:04:34]  Created C:\Netkyyti\certificates\www.netkyyti.fi.csr
[ 1/16/18-12:04:33]  Created C:\Netkyyti\certificates\www.netkyyti.fi.key
[ 1/16/18-12:04:01]  Created C:\Netkyyti\certificates\softmade-LE.key
[ 1/16/18-12:03:47]  Created C:\Netkyyti\certificates\softmade-CA.crt
[ 1/16/18-12:03:47]  Created C:\Netkyyti\certificates\softmade-CA.key

Bruce

Re: Unable to get certificate - Challenge was invalid error
« Reply #1 on: January 16, 2018, 03:08:02 AM »
Hi Jari,

I'd like to answer this question by improving the docs. So please check out
http://www.capesoft.com/docs/NetTalk10/NetTalkWebSecure.htm
especially the troubleshooting section;
http://www.capesoft.com/docs/NetTalk10/NetTalkWebSecure.htm#Troubleshooting

Hopefully that will help you sort it out. If not then please feel free to let me know and I'll walk through the process with you.


>> In my certificate folder I don't have www.netkyyti.fi.crt file, so is that the reason?

No, the missing CRT is because of the problem, not the cause of the problem.


cheers
Bruce

jari@softmade.fi

Re: Unable to get certificate - Challenge was invalid error
« Reply #2 on: January 16, 2018, 08:43:22 AM »
Thanks

Sometimes it is difficult to find the docs :)

But my problem seems to be that I am not using port 80 as the insecure port.
Because if I put http://www.netkyyti.fi:XXXX/.well-known/acme-challenge/7VrnBNCemMDplzcrdSD1dFYWtCjMf2JnthXQ274z6xE in my browser I get the right result.
XXXX is the port I use because I can't use port 80.

What should I do next?

Jari

Bruce

Re: Unable to get certificate - Challenge was invalid error
« Reply #3 on: January 16, 2018, 10:12:20 PM »
Hi Jari,

LE will only ask on port 80.

If you cannot use port 80, because another server is listening on that port, then set the AcmeFolder so that the challenge file is written into that other server's web directory.

For example, if IIS is listening on the port then you set the AcmeWebFolder to be the IIS folder, so that IIS can serve the file.

LE doesn't care _who_ serves it, as long as it gets served.

cheers
Bruce


jari@softmade.fi

Re: Unable to get certificate - Challenge was invalid error
« Reply #4 on: January 20, 2018, 12:00:59 AM »
Thanks Bruce

My IIS did not accept extensionless files.
So I also had to make the following changes to the web.config file:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <staticContent>
            <clear />
            <mimeMap fileExtension=".*" mimeType="text/json" />
        </staticContent>
        <handlers>
            <clear />
            <add name="StaticFile" path="*" verb="*" type="" modules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule" scriptProcessor="" resourceType="Either" requireAccess="Read" allowPathInfo="false" preCondition="" responseBufferLimit="4194304" />
        </handlers>
    </system.webServer>
</configuration>

Bruce

Re: Unable to get certificate - Challenge was invalid error
« Reply #5 on: January 21, 2018, 09:43:56 PM »
good tip, thanks, added to the docs...
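
A pre-flight check for the situation in this thread, as an added example that is not part of the original posts or of NetTalk's code: it writes a throwaway extensionless file into the folder where the challenge token would be saved and fetches it over plain HTTP, so a 404 or a refused connection shows up before the CA is asked to validate. The function name, the `port` parameter (only for local testing, since LE will only ask on port 80) and the sample folder and host are assumptions.

```python
import os
import secrets
import urllib.error
import urllib.request

CHALLENGE_DIR = os.path.join(".well-known", "acme-challenge")

def check_challenge_path(webroot, host, port=80, timeout=5):
    """Return (ok, detail): can an extensionless file written under
    webroot/.well-known/acme-challenge be fetched from host over HTTP?"""
    name = secrets.token_urlsafe(32)   # constructed name, shaped like a token
    body = secrets.token_urlsafe(32)   # constructed content, not a real key authorization
    folder = os.path.join(webroot, CHALLENGE_DIR)
    os.makedirs(folder, exist_ok=True)
    path = os.path.join(folder, name)
    with open(path, "w", encoding="ascii") as fh:
        fh.write(body)
    url = f"http://{host}:{port}/.well-known/acme-challenge/{name}"
    # Ignore any configured proxy: the CA connects to the host directly.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            served = resp.read().decode("ascii", "replace").strip()
    except urllib.error.HTTPError as exc:
        # Seen when the server that owns the port rejects extensionless
        # files, or serves a different folder than the one written to.
        return False, f"HTTP {exc.code} for {url}"
    except (urllib.error.URLError, OSError) as exc:
        return False, f"cannot connect to {url}: {exc}"
    finally:
        os.remove(path)                # never leave the probe file behind
    if served != body:
        return False, f"{url} returned unexpected content"
    return True, f"{url} served the test file"

if __name__ == "__main__":
    # Placeholder folder and host (assumptions); use the folder that the
    # server listening on port 80 actually serves.
    print(check_challenge_path(r"C:\inetpub\wwwroot", "www.example.com"))
```

Run it from a machine outside the network where possible, so that firewall and port-forwarding rules are exercised the same way they are for the CA.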