Symptoms
-
Unable to issue an SSL certificate using Let's Encrypt in Domains > example.com > SSL/TLS Certificates:
Could not issue an SSL/TLS certificate for example.com
Details
Could not issue a Let's Encrypt SSL/TLS certificate for example.com.
The authorization token is not available at http://example.com/.well-known/acme-challenge/6AkQ-N5vdWobP0yM2Wq9jJ8S6TKt0R1DCXfsGUGCdAY.
To resolve the issue, make sure that the token file can be downloaded via the above URL. -
The authorization token URL mentioned in the error can not be accessed via web browser failing with a 503 error.
-
The application pool
acme-challengestops when the authorization token URL is accessed via a web browser .
This can be checked in Windows, Internet Information Services (IIS) Manager > ServerName > Application Pools:
Cause
The user acme-challenge is not set/or doesn't have the correct permissions set to the app pool folder C:Inetpubtempappoolsacme-challenge
Resolution
Set the user acme-challenge and/or delegate "Full Control" permission to the acme-challenge app pool folder.
-
Connect to the server via RDP
-
Right-click on the folder
C:Inetpubtempappoolsacme-challenge, then click on Properties. -
On the Security tab, check that the
acme-challengeuser exists and that it hasfull controlpermission on the folder. -
Click Apply button.
-
Re-issue SSL certificate in Domains > example.com > SSL/TLS Certificates.