NetTalk Central

Author Topic: LE error: Unable to get certificate - Challenge was invalid  (Read 1539 times)

Poul Jensen

LE error: Unable to get certificate - Challenge was invalid
« on: January 25, 2025, 11:01:16 PM »
Hi

Trying to use Let's Encrypt but it fails with this message:
Unable to get certificate - Challenge was invalid

Debugview log:
[ 1/26/25- 7:37:36]  Setting Folders for Domain [mobil1.domain.org]
[ 1/26/25- 7:37:36]  Created C:\pstellar7\MariSoft\certificates\mobil1.domain.org.csr.der
[ 1/26/25- 7:37:36]  Setting Folders for Domain [mobil1.domain.org]
[ 1/26/25- 7:37:36]  C:\pstellar7\MariSoft\certificates\mobil1.domain.org.crt does not exist
[ 1/26/25- 7:37:36]  Time to update the certificate mobil1.domain.org
[ 1/26/25- 7:37:40]  Registering Account MarisoftWeb1 at  https://acme-staging-v02.api.letsencrypt.org/acme/new-acct
[ 1/26/25- 7:37:41]  Authorize Request mobil1.domain.org
[ 1/26/25- 7:37:43]  Get Authorize mobil1.domain.org
[ 1/26/25- 7:37:44]  HTTP Challenge will be used
[ 1/26/25- 7:37:44]  Challenge Token Saved C:\pstellar7\MariSoft\web\.well-known\acme-challenge\LcML2B1oQ1Dia0N1kH0gxnNjdgRJbpVeiQf1n7q0UtI
[ 1/26/25- 7:37:44]  LE Server will now fetch http://mobil1.domain.org:80/.well-known/acme-challenge/LcML2B1oQ1Dia0N1kH0gxnNjdgRJbpVeiQf1n7q0UtI
[ 1/26/25- 7:37:44]  Notify Server Challenge is Ready: https://acme-staging-v02.api.letsencrypt.org/acme/chall/181883304/15838799894/c_rB6g
[ 1/26/25- 7:37:45]  Checking Status
[ 1/26/25- 7:37:46]  Get Authorize mobil1.domain.org
[ 1/26/25- 7:37:47]  Status: "invalid"
[ 1/26/25- 7:37:47]  Unable to get certificate - Challenge was invalid
[ 1/26/25- 7:37:47]  Hostname resolved to: 192.236.999.230

What should I be looking at?

This is NT 14.29

/Poul

rjolda

Re: LE error: Unable to get certificate - Challenge was invalid
« Reply #1 on: January 26, 2025, 03:41:51 AM »
Hi Poul,
I ran into this because my cable provider blocks port 80. Thus, when Let's Encrypt went to port 80 to retrieve the message to prove that this is the machine for the certificate, it failed the challenge. So, port 80 was the problem for me. Bruce has another method for using DNS instead of direct challenge, but you have to use a DNS provider which allows you to change some of the parameters. Bruce has them listed. In my case, I just bought an SSL certificate from GoDaddy - that was the easiest solution in my particular case.
Ron

Poul Jensen

Re: LE error: Unable to get certificate - Challenge was invalid
« Reply #2 on: January 26, 2025, 11:25:14 AM »
Hi Ron,

Thanks - you got me on the right track.
Port 80 was not blocked, but the IIS was grabbing it :-)

Stopping IIS made it all work as expected.

Cheers
/Poul
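
A pre-flight check for the failure discussed in this thread, added here as an example (it is not part of the original posts and not NetTalk code): it writes a probe file where the challenge token is saved and fetches it back over HTTP, so a different listener on port 80 (IIS in the thread) shows up before the ACME request is made. The function name `check_http01` and its result labels are hypothetical; the web root in the comment is the one from the log above.

```python
import http.client
import os
import secrets
import sys


def check_http01(webroot, host, port=80, timeout=5):
    """Return (verdict, detail) for an HTTP-01 style probe.

    verdict is "ok" when the listener on host:port serves files from
    webroot, "wrong-listener" when something else answers, and
    "unreachable" when nothing answers at all.
    """
    chal_dir = os.path.join(webroot, ".well-known", "acme-challenge")
    os.makedirs(chal_dir, exist_ok=True)
    name = "probe-" + secrets.token_hex(8)   # constructed probe name, not a real token
    body = secrets.token_hex(16)             # random content to compare against
    path = os.path.join(chal_dir, name)
    with open(path, "w") as f:
        f.write(body)
    try:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        try:
            conn.request("GET", "/.well-known/acme-challenge/" + name)
            resp = conn.getresponse()
            status = resp.status
            server = resp.getheader("Server", "unknown")
            got = resp.read(4096).decode("utf-8", "replace").strip()
        finally:
            conn.close()
    except (OSError, http.client.HTTPException) as exc:
        return ("unreachable", str(exc))
    finally:
        os.remove(path)                      # never leave the probe behind
    if status == 200 and got == body:
        return ("ok", server)
    # Another process owns the port, or the server maps the path elsewhere.
    return ("wrong-listener", "HTTP %d from Server: %s" % (status, server))


if __name__ == "__main__":
    # e.g. python check.py C:\pstellar7\MariSoft\web localhost
    print(check_http01(sys.argv[1], sys.argv[2]))
```

Run on the server itself, this catches a local port conflict; an ISP that blocks inbound port 80 is only visible when the fetch is made from outside the network.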