7

I'm trying to use the Certify SSL Manager to configure SSL certificates from Let's Encrypt on my IIS server, but it fails during the check.

https://dev.mywebsite.com/.well-known/acme-challenge/configcheck/

This works:
https://dev.mywebsite.com/well-known/acme-challenge/configcheck
https://dev.mywebsite.com/.well-known/acme-challenge/test.txt

So I assumed it's the . before well-known. But the fact that test.txt works confuses me.

I've already configured the directory according to this discussion: https://github.com/ebekker/ACMESharp/issues/15

I have a bunch of rewrite stuff in my web.config, but even if I remove that section completely, it still fails.

Yunnosch
Remy
  • 12,555
  • 14
  • 64
  • 104
  • Do you have ignore this route in your RouteConfig? – GGO Sep 12 '17 at 11:59
  • Have you tried that: https://stackoverflow.com/questions/43409878/set-web-config-for-letsencrypt-certify-with-asp-net-core-and-angular-2-javasc ? – GGO Sep 12 '17 at 12:04
  • I've tried adding the web.config as suggested in the 2nd answer, but didn't help. Will try the ignore this route. – Remy Sep 12 '17 at 12:20
  • Can we see your web.config? Do you have any rewrite rules? – GGO Sep 12 '17 at 18:46
  • Please do not edit solution announcements into the question. Accept (i.e. click the "tick" next to it) one of the existing answers, if there are any. You can also create your own answer, and even accept it, if your solution is not yet covered by an existing answer. Compare https://stackoverflow.com/help/self-answer – Yunnosch Jan 10 '22 at 06:50
  • Don't think I did. The "This works:" part of the question is just a status of what works and what not, but not the solution. – Remy Mar 05 '22 at 02:33

4 Answers

4

Perhaps check if the acme-challenge web.config contains a conflict within the handler section. Do so by opening IIS manager, find the acme-challenge folder and double-click the handler mapping icon. In my case, this resulted in an error.

The problem I ran into with the default web.config in the acme-challenge folder was that the applicationhost.config contained:

<section name="handlers" overrideModeDefault="Deny" />

The handlers section in the acme-challenge web.config therefore was not allowed with the result that the challenge failed. In this case the solutions were: Change applicationhost.config line to:

<section name="handlers" overrideModeDefault="Allow" />

Or ... Remove the handlers setting from the web.config in acme-challenge folder.

The applicationhost.config can be found here: c:\windows\system32\inetsrv\config

Paul0515
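The conflict described in the answer above can be checked offline by comparing the two config files. This is an added example, not code from the answer or from Certify: the XML is constructed sample input, the function names are hypothetical, and it only covers top-level system.webServer sections (it ignores per-location overrideMode unlocks).

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from a real server).
APPLICATIONHOST = """<configuration>
  <configSections>
    <sectionGroup name="system.webServer">
      <section name="handlers" overrideModeDefault="Deny" />
      <section name="staticContent" overrideModeDefault="Allow" />
    </sectionGroup>
  </configSections>
</configuration>"""

CHALLENGE_WEB_CONFIG = """<configuration>
  <system.webServer>
    <staticContent>
      <mimeMap fileExtension="." mimeType="text/plain" />
    </staticContent>
    <handlers><clear /></handlers>
  </system.webServer>
</configuration>"""


def section_modes(apphost_xml, group="system.webServer"):
    """Map section name -> overrideModeDefault declared for `group`."""
    root = ET.fromstring(apphost_xml)
    modes = {}
    for sg in root.findall("./configSections/sectionGroup"):
        if sg.get("name") == group:
            for sec in sg.findall("section"):
                # A section without the attribute defaults to Allow.
                modes[sec.get("name")] = sec.get("overrideModeDefault", "Allow")
    return modes


def locked_sections(apphost_xml, web_config_xml, group="system.webServer"):
    """Return sections used in web.config that applicationHost.config locks."""
    modes = section_modes(apphost_xml, group)
    root = ET.fromstring(web_config_xml)
    node = next((c for c in root if c.tag == group), None)
    if node is None:
        return []
    return sorted(c.tag for c in node if modes.get(c.tag) == "Deny")


if __name__ == "__main__":
    for name in locked_sections(APPLICATIONHOST, CHALLENGE_WEB_CONFIG):
        print(f"<{name}> is locked (overrideModeDefault=Deny): remove it "
              "from the acme-challenge web.config or unlock the section")
```

On a real server, read the two files from disk and pass their contents to `locked_sections` in place of the sample strings.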
3

The configcheck url is a file, not a directory. Make sure that file exists on disk (i.e. C:\inetpub\wwwroot\.well-known\acme-challenge\configcheck) in your webroot. Then try to load your links with this barebones web.config in your website root directory (if using ASP.NET):

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <staticContent>
            <mimeMap fileExtension="." mimeType="application/unknown" />
        </staticContent>
    </system.webServer>
</configuration>

If that works, try slowly adding back in your web.config sections including routes/rewrite until you figure out what's causing the problem.

If using ASP.NET Core with a wwwroot folder hosting your static files, you'll have to modify your config in Startup.cs instead:

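// Namespaces this snippet needs at the top of Startup.cs
using System.IO;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.FileProviders;

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    // Serve wwwroot/.well-known at /.well-known so extensionless challenge files are returned
    string filepath = Path.Combine(Directory.GetCurrentDirectory(), @"wwwroot/.well-known");
    app.UseStaticFiles(new StaticFileOptions()
    {
        FileProvider = new PhysicalFileProvider(filepath),
        RequestPath = new PathString("/.well-known"),
        // Applies only to this middleware instance, i.e. files under /.well-known
        ServeUnknownFileTypes = true
    });
    // ... your other startup code here
}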
Marcus L
0

I had to modify the web.config as follows to fix the error:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
   <system.webServer>
      <staticContent>
         <mimeMap fileExtension="*" mimeType="text/plain" />
      </staticContent>
      <handlers>
         <clear />
         <add name="StaticFile" path="*" verb="*" type=""
            modules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule"
            scriptProcessor="" resourceType="Either" requireAccess="Read"
            allowPathInfo="true" preCondition="" responseBufferLimit="4194304" />
      </handlers>
   </system.webServer>
</configuration>
Nicola Di Lillo
0

In some cases, just delete and recreate the .well-known folder.

Aprendiz