I'm trying to install Let's Encrypt on a Windows server via Axigen CLI using the instructions here lets-encrypt-support-p10649619
DNS is done and working - letsdebug.net/
When I try generating a “Let's Encrypt” certificate I get this error message from them: Acme challenge state failed, perhaps webmail.acme.com cannot be accessed by the letsencrypt servers?
In their response web (via logs) I can see that they are trying to access a file under:
“/.well-known/acme-challenge/1234567890”
I can see that the generate creates a folder + files under - C:\Program Files\Axigen Mail Server\letsencrypt
But nothing under:
C:\Program Files\Axigen Mail Server\webmail\default which they are trying to point at in the response web.
I've tried creating a test file under:
/.well-known/acme-challenge/1 (this doesn't work, getting "OOOPS The requested url was not found on this server.")
/.well-known/acme-challeng/1 (this works)
So is there some kind of limit on file depth? And why isn't the generate creating this folder + file for me?
First of all, please know that the well-known/acme-challenge folder cannot be manually created and is currently dynamically handled by the Axigen binary.
Based on the log message posted:
"Acme challenge state failed, perhaps webmail.acme.com cannot be accessed by the letsencrypt servers?"
we understand that the hostname you wanted to generate a certificate for was “webmail.acme.com” and we believe that this is where the problem occurred due to a typo.
In order to use the Axigen Let's Encrypt feature, you first need to make sure the requirements below are met:
There is an A DNS record of the hostname that leads to the Axigen server’s IP
The Axigen’s IP is able to be reached on port 80 by remote servers
The Axigen’s IP is able to reach remote servers on port 80
The CLI command to generate the certificate must contain the full hostname that you want to have the certificate generated for.
For example:
If you would like to keep the setup with IIS redirection, then please redirect ports :80 and :443 from IIS to ports :80 and :443 from Axigen and let Axigen perform the automatic redirection of HTTP to HTTPS (as is clearly stated in the documentation).
To redirect all insecure connections you may edit the non-SSL listener (that by default is set on port 80) and under the SSL Settings tab → Secure login subcategory → tick the "Redirect to secure login page" option box and click on "Save Configuration".
If I were in your position, I would totally avoid this setup (using IIS as a proxy), as it will be very hard to debug why the Let's Encrypt servers are not able to reach Axigen.
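A preflight check for the requirements listed in the reply above, as an added example that is not part of the original thread and is not Axigen's own code. It is meant to be run from a machine outside the server's network; the hostname and IP are passed on the command line, and the probe token and function names are made up for illustration.

```python
import http.client
import socket
import sys

def resolve_a(hostname):
    """Return the IPv4 addresses the hostname's A record(s) point to."""
    try:
        infos = socket.getaddrinfo(hostname, 80, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def probe_port_80(hostname, timeout=5):
    """Plain-HTTP GET on the ACME challenge path; None if nothing answers."""
    conn = http.client.HTTPConnection(hostname, 80, timeout=timeout)
    try:
        # Hypothetical token: a 404 is expected, we only care who answers.
        conn.request("GET", "/.well-known/acme-challenge/preflight-probe")
        resp = conn.getresponse()
        return {"status": resp.status, "server": resp.getheader("Server", "")}
    except (OSError, http.client.HTTPException):
        return None
    finally:
        conn.close()

def assess(hostname, expected_ip, addresses, probe):
    """Compare observations with the requirements; empty list means no finding."""
    findings = []
    if not addresses:
        findings.append(f"{hostname} has no A record")
    elif expected_ip not in addresses:
        findings.append(f"{hostname} resolves to {', '.join(addresses)}, not {expected_ip}")
    if probe is None:
        findings.append("nothing answered on TCP port 80")
    elif "microsoft-iis" in probe["server"].lower():
        # IIS identifies itself as "Microsoft-IIS/<version>" in the Server header.
        findings.append("port 80 is answered by IIS, so the challenge request may not reach Axigen")
    return findings

if __name__ == "__main__":
    host, ip = sys.argv[1], sys.argv[2]
    problems = assess(host, ip, resolve_a(host), probe_port_80(host))
    for line in problems or ["no problems found"]:
        print(line)
    sys.exit(1 if problems else 0)
```

The third requirement, outbound access from the Axigen server to remote port 80, has to be tested from the server itself and is not covered here.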