Azure LetsEncrypt extension cannot access .well-known/acme-challenge in Umbraco app

I am hosting an Umbraco CMS app in Azure. After following the instructions in this blog post, I am receiving the following error when I try to request and install a LetsEncrypt certificate using the Azure Let'sEncrypt site extension:

System.Exception: The Lets Encrypt ACME server was probably unable to reach http://domain.com/.well-known/acme-challenge/token

I have verified that all of my app settings are correct, my extension was installed properly, and that there don't seem to be any network issues. What could be causing this issue?

Jerreck asked Aug 09 '16 15:08



2 Answers

Turns out the problem has to do with the fact that the ACME challenge files are extensionless and the Umbraco pipeline tries to route all extensionless requests to a document within the CMS using OWIN.

James Dibble has written an excellent guide for how to create an OWIN configuration file to intercept any requests to "/.well-known" and serve up the ACME challenge files instead:

https://www.jdibble.co.uk/blog/using-letsencrypt-with-umbraco

You can find the gist of his code here:

https://gist.github.com/dibble-james/f47b0cba3494381588482c7f185861bf

One thing that was left out of his tutorial was that I also had to install the Microsoft.Owin.StaticFiles package. I also didn't know what he meant by "update the owin:appStartup app setting in your web.config," because I've never used OWIN before. If you just copypasta his code, then you'll want to change your setting from this:

<add key="owin:appStartup" value="UmbracoDefaultOwinStartup" />

To this:

<add key="owin:appStartup" value="Startup" />

Here's a detailed article as to why:

http://www.asp.net/aspnet/overview/owin-and-katana/owin-startup-class-detection

Jerreck answered Sep 19 '22 16:09
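As an added illustration of the approach described in this answer (this is example code, not the gist linked above and not part of the Umbraco project), here is a minimal OWIN Startup class that branches requests under /.well-known off to Microsoft.Owin.StaticFiles before Umbraco's own pipeline is configured, so the extensionless ACME token files are served from disk instead of being routed into the CMS. It assumes Umbraco 7.3 or later (where UmbracoDefaultOwinStartup exposes a virtual Configuration method), that the Microsoft.Owin.StaticFiles package is installed, that the Let's Encrypt extension writes its token files under ~/.well-known/acme-challenge in the site root, and that the class sits in a namespace named MySite; the friendly name "Startup" in the assembly attribute is what the owin:appStartup web.config setting must match.

```csharp
using System.Web.Hosting;
using Microsoft.Owin;
using Microsoft.Owin.FileSystems;
using Microsoft.Owin.StaticFiles;
using Owin;
using Umbraco.Web;

// The friendly name "Startup" is what <add key="owin:appStartup" value="Startup" /> resolves.
// "MySite" is an assumed namespace for this example.
[assembly: OwinStartup("Startup", typeof(MySite.Startup))]

namespace MySite
{
    // Inherit Umbraco's default startup so the CMS pipeline is still wired up exactly as before;
    // only the /.well-known branch is added in front of it.
    public class Startup : UmbracoDefaultOwinStartup
    {
        public override void Configuration(IAppBuilder app)
        {
            // Physical folder the ACME extension is assumed to drop its token files into.
            string wellKnownRoot = HostingEnvironment.MapPath("~/.well-known");

            // Map() creates a branch that only runs for requests whose path starts with /.well-known.
            // Registering it before base.Configuration() means Umbraco never sees these requests.
            app.Map("/.well-known", wellKnown =>
            {
                wellKnown.UseStaticFiles(new StaticFileOptions
                {
                    // Restrict the file system to the .well-known folder only, so this branch
                    // cannot be used to read anything else on disk.
                    FileSystem = new PhysicalFileSystem(wellKnownRoot),
                    // ACME challenge files have no extension, which StaticFiles refuses by default;
                    // enabling this only inside the mapped branch keeps the rest of the site unchanged.
                    ServeUnknownFileTypes = true,
                    DefaultContentType = "text/plain"
                });
            });

            // Now let Umbraco register its own middleware as usual.
            base.Configuration(app);
        }
    }
}
```

ServeUnknownFileTypes is deliberately enabled only inside the mapped branch rather than on a site-wide UseStaticFiles call; turning it on globally would let any extensionless file under wwwroot be served verbatim. After deploying, a quick check is to place a plain-text file at ~/.well-known/acme-challenge/test and confirm an HTTP (not HTTPS-redirected) GET for /.well-known/acme-challenge/test returns its contents with a 200 rather than an Umbraco 404 page.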


In the web.config file for the site, add ~/.well-known to the umbracoReservedPaths element and Let's Encrypt will be able to access the verification url.

<add key="umbracoReservedPaths" value="~/umbraco,~/.well-known" />

Timothy Lee Russell answered Sep 20 '22 16:09