imported the cert into IIS6 (all was good).broke up the returning cert into 2 files.from IIS6 - created a new cert with 4096 length.ĥ pasted into FREE SSL Certificate Wizard at.If says “None of the common names in the certificate match the name that was entered ( You may receive an error when accessing this site in a web browser.” The cert and intermediate cert are valid. When I installed the cert and the intermediate cert, I got no errors. However, I’m running into a strange problem.įirefox won’t let me view the site in https, and says it’s not configured properly. I was able to get the HTTP verification working by adding the MIME type I added yesterday, but had to restart IIS even though I’d checked the ‘enable direct metabase edit - allows you to edit IIS metabase configuration file while IIS is running’ Thanks for your help - I really appreciate it! Possibly letsencrypt could also use the authoritative DNS server instead of a secondary? html file in the future like Godaddy does? At the very least, using a text file with no extension is going to require some very tricky changes on a Microsoft IIS - so hopefully letsencrypt will also be able to look for a. Maybe the solution is for me to run the browser on a machine outside my network?īut, as DNS will take several hours to propagate to my secondary DNS servers, I would obviously prefer to be able to validate using HTTP with a single file - and somehow get around needing IIS6 to server up a text file with no extension. Possibly this creates an issue when the DNS records that it sees don’t entirely match the ones that the letsencrypt servers would see (even after the secondary DNS servers sync up). The browser (when run from inside my network) will use my Internal local DNS setup on BIND. When I said I have a ‘split’ BIND DNS server, I mean that the same DNS server provides my internal network’s DNS as well as the external (Internet) DNS (each has completely separate zone files). I waited until ’ DNSreport showed that all the DNS servers had the same version number before I hit the ‘Next’ button the last time - but that certainly might explain why it failed initially, but not why it failed the last time I tried. The domain name I added my DNS entry for is. So, I’m dead in the water at the moment, on a stage that should be trivial to accomplish.Īndrei - this is a Windows 2003 Server that runs IIS6. Not sure what that could be - as now the TXT record is on the public and my private DNS and nslookup -q=TXT _ gives me the TXT record when run locally or from a computer outside my network 30 miles away. So, I added the TXT to the internal DNS and instead of saying it couldn’t find it, I got a new error 'Unexpected error status: Unable to update challenge:: response that does not complete challenge. Possibly it was pulling the TXT from one of the secondary DNS servers at EasyDNS - which take a few hours to re-load any new changes?īut, I then thought, what if the code in the browser is talking to my internal DNS (I use a split DNS on BIND), and there was no TXT record added to my internal DNS. It initially complained that it couldn’t find the TXT record - which was strange as the DNS server is setting right next to me. html extension if it fails to find the file without any extension? It would be great if letsencrypt tried looking for the file name with an. Oddly enough, I’ve used HTTP verification with Godaddy before, and it looks for a file with the. I tried adding a MIME type of text with ‘.’, but that didn’t work. I couldn’t use the HTTP verification because it looks for a filename without an extension - and IIS on Win2003 won’t do that.Andrei - the looks very useful!!! I figured I would try to use the ‘FREE SSL Certificate Wizard’ to test things and ran into two issues (that I think have to do with ).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |