Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Let's Encrypt confirmation on IIS not working

Tags:

iis

lets-encrypt

I'm trying to use the Certify SSL Manager to configure SSL certificates from Let's Encrypt on my IIS server, but it fails during the check.

https://dev.mywebsite.com/.well-known/acme-challenge/configcheck/

This works:
https://dev.mywebsite.com/well-known/acme-challenge/configcheck https://dev.mywebsite.com/.well-known/acme-challenge/test.txt

So I assumed it's the . before well-known. But the fact that test.txt works confuses me.

I've already configured the directory according to this discussion: https://github.com/ebekker/ACMESharp/issues/15

I have a bunch of rewrite stuff in my web.config, but even if I remove that section completely, it still fails.

like image 359
Remy Avatar asked Sep 12 '17 11:09

Remy

People also ask

Why is let's encrypt not working?

If the name servers do not match, then this is the reason Let's Encrypt is not working. You can fix the problem by copying the name servers from the ACC and adding them to the domain in the domain registrar. Once these have been saved and the registrar has applied the change to the domain, retry Let's Encrypt.

How do you enable Let's encrypt in IIS?

Select your target IIS domain to install the SSL certificate on. Enter A to use all bindings of the IIS domain. Enter y' to continue with your selection, y' to open with the default web server application, `y' to agree to the Let's Encrypt terms. Enter your email address to receive important certificate notifications.

How do I enable https with Letsencrypt?

To enable HTTPS on your website, you need to get a certificate (a type of file) from a Certificate Authority (CA). Let's Encrypt is a CA. In order to get a certificate for your website's domain from Let's Encrypt, you have to demonstrate control over the domain.

1 Answers

Perhaps check if the acme-challenge web.config contains a conflict within the handler section. Do so by opening IIS manager, find the acme-challenge folder en double click the handler mapping icon. In my case, this resulted in an error.

The problem I ran into with the default web.config in the acme-challenge folder was that the applicationhost.config contained:

<section name="handlers" overrideModeDefault="Deny" />

The handlers section in the acme-challenge web.config therefore was not allowed with the result that the challenge failed. In this case the solutions were: Change applicationhost.config line to:

<section name="handlers" overrideModeDefault="Allow" />

Or ... Remove the handlers setting from the web.config in acme-challenge folder.

The applicationhost.config can be found here: c:\windows\system32\inetsrv\config

like image 137
Paul0515 Avatar answered Oct 20 '22 06:10

Paul0515
Sign in to Comment

Related questions

When should we host WCF service in IIS and when should we host in a windows service?
How to process long running requests with an HTTP handler under IIS?
Extremely slow website on IIS
How does IIS URL Rewrite handle # anchor tags
Can an iisnode-hosted web application work out the virtual path at which it is hosted?
Hosting ASP.Net with HTML5 JS and Twitter Bootstrap formats differently
Proper setup for load balanced web that needs sticky sessions?
Classic ASP session timeout quandry
OWIN Authentication with IIS Basic Authentication
Can you check/monitor the client certificates sent in requests using Wireshark?
Microsoft.Owin.Security.IAuthenticationManager doesn't redirect to login page
SignalR makes IIS hang after rebuild
prerender.io IIS configuration
Tunneling through ngrok strips wordpress site of styles and theme
Configuring Web Deploy IIS User premissions
CreateMutex() fails with ERROR_ACCESS_DENIED when called by process spawned by Windows Service
Is UseIISPlatformHandler() deprecated correctly to UseIIS()?
Can host ASP.NET Core site through console but not through IIS
Is appsettings.json protected by IIS?
ASP.NET Core URL Rewriting

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!