Challenge Invalid - Still getting after trouble shooting

[CaseyR]

Hi, Bruce

Followed the trouble shooting instructions you have for Let's Encrypt but I am still getting Challenge Invalid error.  Here is what I have:

NT 10.15 server app running on a remote Windows 2012 virtual server.  App runs fine unsecured.

Insecure Port: 80
Web folder:  C:\MyNTServerApp\web
Certificates folder:  C:\MyNTServerApp\certificates
ACME Folder: C:\MyNTServerApp\web
Domains:  mydomain.com

Click Get Certificates and we get
LE Server will now fetch http://mydomain.com:80/.well-known/acme-challenge/xe8GKgbXkHSf8mVFqsXqrHsmMF0IeVAMuJ0A_d75jds

The process continues on to give a Challenge Invalid error.  but if I cut and paste the fetch url into the browser of a different machine (in a different city) it retrieves the token just fine.

Any suggestions?   Thanks.

[Bruce]

>>  I am still getting Challenge Invalid error. 

what is the exact text of the error?

cheers
Bruce

[CaseyR]

Thanks, Bruce

Here is the displayed text.   I cut and pasted the fetch url into another machine's browser and retrieved the challenge token without a problem.  I don't know how long the token will last before it is deleted, but you can give it a go.

[ 2/02/18-22:49:42]  Unable to get certificate - Challenge was invalid
[ 2/02/18-22:49:42]  Status: "invalid"
[ 2/02/18-22:49:41]  Checking Status
[ 2/02/18-22:49:31]  Status: "pending"
[ 2/02/18-22:49:31]  Checking Status
[ 2/02/18-22:49:31]  Notify Server Challenge is Ready
[ 2/02/18-22:49:31]  LE Server will now fetch http://resscheddemo.com:80/.well-known/acme-challenge/WrkCY_pduzWS2MZD8VCnd1sdrUCUH-ENGGaobZ5GKhc
[ 2/02/18-22:49:31]  Challenge Token Saved C:\ResSchedServer\web\.well-known\acme-challenge\WrkCY_pduzWS2MZD8VCnd1sdrUCUH-ENGGaobZ5GKhc
[ 2/02/18-22:49:31]  Authorize Request resscheddemo.com
[ 2/02/18-22:49:30]  Registering Account Madrigal Soft Tools at  https://acme-v01.api.letsencrypt.org/acme/new-reg
[ 2/02/18-22:49:29]  C:\ResSchedServer\certificates\resscheddemo.com.crt does not exist

[Bruce]

It does seem ok.
Maybe I can Team Viewer into the server machine to take a look?

[CaseyR]

We can set up a time for that but before we do it occurred to me that the problem might be a setting on my virtual 2012 server.

Is the Challenge Invalid message a result of an active communication from Lets Encrypt,  or is the app just a timing out from no reply or no LE certificate being saved?  If the latter,  any ideas where to look.

Thanks.       

[Bruce]

>> Is the Challenge Invalid message a result of an active communication from Lets Encrypt,

yes, after we tell LE the "file is ready" it then goes into a "wait" state, where we poll the LE server from time to time to see how things are getting on. It returns either pending, success, or fail. In this case the fail is specific - ie LE tried to get to the site and has failed.

Cheers
Bruce