Symptoms
Unable to issue an SSL certificate using Let's Encrypt in Domains > example.com > SSL/TLS Certificates:
Could not issue an SSL/TLS certificate for example.com
Details
Could not issue a Let's Encrypt SSL/TLS certificate for example.com.
The authorization token is not available at http://example.com/.well-known/acme-challenge/6AkQ-N5vdWobP0yM2Wq9jJ8S6TKt0R1DCXfsGUGCdAY.
To resolve the issue, make sure that the token file can be downloaded via the above URL.
The authorization token URL mentioned in the error cannot be accessed via a web browser: the request fails with a 503 error.
The application pool acme-challenge stops when the authorization token URL is accessed via a web browser.
This can be checked in Windows, Internet Information Services (IIS) Manager > ServerName > Application Pools.
Cause
The user acme-challenge is not set on the app pool folder C:\Inetpub\temp\appools\acme-challenge, or does not have the correct permissions on it.
Resolution
Set the user acme-challenge and/or delegate "Full Control" permission to the acme-challenge app pool folder.
Connect to the server via RDP
Right-click on the folder C:\Inetpub\temp\appools\acme-challenge, then click on Properties.
On the Security tab, check that the acme-challenge user exists and that it has Full Control permission on the folder.
Click the Apply button.
Re-issue SSL certificate in Domains > example.com > SSL/TLS Certificates.
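
The same check and fix from an elevated PowerShell session, as an added example that is not part of the original article or Plesk's own tooling. The folder path, account name and pool name are taken from the article; resolving acme-challenge as a local account name and starting the stopped pool at the end are assumptions.

```powershell
param(
    # Folder path as given in the article.
    [string]$Folder   = 'C:\Inetpub\temp\appools\acme-challenge',
    # Account name as given in the article; assumed to resolve as a local account.
    [string]$Identity = 'acme-challenge',
    # Application pool name as given in the article.
    [string]$AppPool  = 'acme-challenge'
)

Import-Module WebAdministration

$acl  = Get-Acl -Path $Folder
$full = [System.Security.AccessControl.FileSystemRights]::FullControl

# Look for an Allow rule (explicit or inherited) that grants Full Control to the account.
$hasFull = $acl.Access | Where-Object {
    $_.IdentityReference.Value -match "(^|\\)$([regex]::Escape($Identity))$" -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $full) -eq $full
}

if (-not $hasFull) {
    # Grant Full Control on the folder, inherited by its subfolders and files.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity, $full, 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Folder -AclObject $acl
    Write-Output "Granted Full Control on $Folder to $Identity"
} else {
    Write-Output "$Identity already has Full Control on $Folder"
}

# The article reports that the pool stops after the failed request.
# Starting it again here is an added step (assumption), done before re-issuing.
if ((Get-WebAppPoolState -Name $AppPool).Value -ne 'Started') {
    Start-WebAppPool -Name $AppPool
}
Get-WebAppPoolState -Name $AppPool
```

After the script reports the pool as Started, request the authorization token URL again to confirm the 503 is gone before re-issuing the certificate.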