Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Lets Encrypt ACME Challenge file not accessable from IIS

Tags:

iis

http-status-code-404

lets-encrypt

I have been trying to generate a SSL certificate for one of our projects which is running on an Azure VM which has no IP restrictions. However, the challenge file which is generated throws a 404 error and is not accessible over the web.

I have tried the following:

  1. Moving the static content type above the extension less options in IIS
  2. Adding a mime type for text/json, text/html

None of the above work which is making it really hard for me to generate a SSL using this service. Any idea how I can make it accessible ? I have given full access to that specific App Pool identity so permissions don't seem to be an issue in this case, its just the way the extension less files are being handled in IIS

Any help is appreciated.

Thanks, Vishal

like image 544
vishal vazkar Avatar asked Jan 04 '16 17:01

vishal vazkar

People also ask

Where does Certbot store Acme challenge?

If you want to use the http-01 challenge validation, make sure that Certbot can write to the challenge folder of the web server, usually located in /var/www/html/. well-known/acme-challenge.

Does Certbot work with IIS?

Currently, Certbot for Windows cannot automate the installation of adding SSL certificate in IIS. Future versions will be able to automate it for specific web-server applications. So we need to import this certificate manually through IIS manager.

How does let's encryption challenge work?

Once your ACME client tells Let's Encrypt that the file is ready, Let's Encrypt tries retrieving it (potentially multiple times from multiple vantage points). If our validation checks get the right responses from your web server, the validation is considered successful and you can go on to issue your certificate.

3 Answers

You just Add a New MIME Type on IIS like this . enter image description here

and try use the url at your browser . you will see that enter image description here Now you can Pass the lets-encrypt authentication :)

like image 74
King Jk Avatar answered Sep 19 '22 16:09

King Jk

Also, if you're using a system with lots of custom routing or a framework that interferes with how URLs are handled (e.g. a CMS), ensure that you've told it to ignore /.well-known

We often use Umbraco for public-facing sites and I keep forgetting that I need to add ~/.well-known to the umbracoReservedUrls app setting in the web.config. Hopefully next time I'm stuck, I'll come across this answer...

like image 41
Matt Wanchap Avatar answered Sep 22 '22 16:09

Matt Wanchap

Taking inspiration from the accepted answer, I did the following:

I was using plesk for windows on Godaddy. Go to

Web server settings

In the MIME types, added the following node and click OK.

text/plain .

Note the dot at the end of the above setting.

like image 20
olleh Avatar answered Sep 21 '22 16:09

olleh
Sign in to Comment

Related questions

Where is IIS Express 7.5 wwwroot Directory
Does arraffinity cookie always set on azure web application?
"Could not load App_Web_*.dll" Exception after ASP.NET compile & recycle
Host MVC web app without IIS [closed]
Illegal operation attempted on a registry key that has been marked for deletion - only in IE
Get name of virtual directory?
IIS, Node.js, and Web Application with IISNode not configured right with Virtual Directory
Disable Directory Listing in IIS
IIS Worker Process using a LOT of memory?
HTTP Binding missing in IIS
Visual Studio IIS HTTP 503 Service Unavailable
How to test subdomains on a development machine? abc.localhost
Cache.SetMaxAge not working under IIS, works fine under VS Dev Srv
Use PowerShell to Create AppPool does not set AppPool Identity
File Security (IP address access restrictions) in IIS7
Visual Studio can't create web site in IIS
PHP Manager - Downloaded file failed signature verification
How to track IIS server performance
IIS 7.5 Can't open Handler Mappings?
CKEditor not working when site is deployed on IIS

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!