-1

I have been struggling with generating LetsEncrypt SAN SSL for SBS 2011 for a few days. All goes fine until the ACME challenge verification. I cannot use DNS verification, because DNS is at the ISP and it takes days for any change to go live. So only HTTP validation can be used.

Where does IIS get stuck?

Simply, when it tries to serve the extension-less ACME validation file, IIS returns a 404 error. The file is there, the ACME client generates it just fine in the proper folder, but it does not show up via web browser, just a 404 error due to MIME type. When testing with a test.html file in the same folder, it gets displayed properly, no problem.

I've already tried:

  • Adding MIME type text/plain for "." and ".*" extensions, but no go
  • Moved StaticFile mappings above ExtensionLessUrlHandlers, but still no go
  • Edited the applicationhost.config file and set it to Allow: `<section name="handlers" overrideModeDefault="Allow" />`
  • Restarted IIS and the whole server, still to no avail
  • Used different LE clients, but all of them use IIS and get stuck at the same point
  • Solution from here does NOT work: IIS: How to serve a file without extension?

When I try locally, I always get this 404 error in the browser:

HTTP Error 404.0 - Not Found
The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.

Module  IIS Web Core
Notification    MapRequestHandler
Handler StaticFile
Error Code  0x80070002

Any more ideas?

Labsy
  • Might be a duplicate of https://stackoverflow.com/questions/34770904/letsencrypt-acme-challenge-on-wordpress-or-asp-net-mvc – Lex Li Nov 03 '18 at 20:16
  • Unfortunately no, I've checked this solution too, and it does not work. Still a 404 error. Must be something else... – Labsy Nov 03 '18 at 21:04
  • 404 is a huge family itself, so check the sub status code first, https://support.microsoft.com/en-ca/help/943891/the-http-status-code-in-iis-7-0-iis-7-5-and-iis-8-0 Or you need to use failed request tracing to check what exactly you hit. – Lex Li Nov 03 '18 at 22:17
  • It is `404.0 Not Found` as mentioned earlier. Didn't have luck with Failed Request Tracking, as nothing was logged...or I did it wrong. IIS here simply does not want to serve extension-less files. – Labsy Nov 03 '18 at 22:50
  • 404.0 is completely something different from "does not want to serve extension-less files" if you carefully read KB943891. You have to get failed request tracing enabled at site level and add a rule to track down 404. Otherwise, nobody can help tell what's the real cause. When that goes beyond your capability, open a support case via http://support.microsoft.com and let Microsoft support team show you how. – Lex Li Nov 03 '18 at 22:52
  • Well, maybe I get it wrong, but if in the same manner I put an .html extension on the same ACME verification file `/.well-known/acme-challenge/eY6yMbHbif7pcOmQVDKXNxtr1t4BNt1B34mBdK33l38` so that it becomes `/.well-known/acme-challenge/eY6yMbHbif7pcOmQVDKXNxtr1t4BNt1B34mBdK33l38.html`, the file displays just fine. Besides, if I had $$$, I would not ask here but rather hire an expert to solve problems for me. This is a quest to earn 100 $ in case I solve the problem, and only 20 $ in case I don't. But I prefer earning more & learning more. :) – Labsy Nov 04 '18 at 12:11
  • Lex, I found out where I missed the point of Failed Request Tracing (must enable it under Default Web Site in my case, only then Add tracing). So here's what I've got - only one warning, step 83 of the failed request 404.0 Error code: `MODULE_SET_RESPONSE_ERROR_STATUS Warning ModuleName="IIS Web Core", Notification="MAP_REQUEST_HANDLER", HttpStatus="404", HttpReason="Not Found", HttpSubStatus="0", ErrorCode="The system cannot find the file specified. (0x80070002)", ConfigExceptionInfo=""` – Labsy Nov 04 '18 at 17:13
  • Oops! Caching is getting in the way! While I was testing I noticed that older versions of files are displayed, regardless of cleared cache in IE or Chrome. Let me sort that out first... – Labsy Nov 04 '18 at 17:28
  • Additionally, I obviously messed up somewhere, because now for any application under Default Web Site (Autodiscover, ECP, EWS, OWA...) I get "invalid Application Path" error when I try to Test Connection Settings. Sjit... – Labsy Nov 04 '18 at 17:40

1 Answer

1

Sorry, folks! It was my bad, not being careful enough when passing details to you. The solution to add "." as MIME Type "text/plain" is the only thing needed in my OP case.

What was wrong in my case was the "autodiscover" sub-domain, which I still do not know where it's being served from, but definitely it is NOT from the "Autodiscover" application under Default Web Site. As of now, when I browse the "autodiscover.domain.com..." link I still get cached test.html content, but I've deleted all test.html files which I planted there. Ok, but that's not the subject here.

BTW...LE test failed on my Firewall on Country Blocking rules. Oh, my...

Thank you for participation.

Labsy
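An added example, not part of the original question or answer: a preflight for HTTP validation that requests one extension-less probe file through every host name on the SAN certificate and reports which names return 404, serve different content, or cannot be reached. The probe naming, the result labels and the command-line usage are assumptions made for illustration; run it from a machine outside the network so firewall rules are exercised too.

```python
import secrets
import urllib.error
import urllib.request

CHALLENGE_PATH = "/.well-known/acme-challenge/"

def new_probe():
    """Random extension-less file name and body to place in the challenge folder."""
    return "probe-" + secrets.token_hex(8), secrets.token_hex(16)

def fetch(url, timeout=10):
    """Plain HTTP GET. Returns (status, body); status is None if nothing answered."""
    req = urllib.request.Request(url, headers={"Cache-Control": "no-cache"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:   # 4xx/5xx still tell us who answered
        return err.code, ""
    except OSError as err:                  # DNS failure, refused, timeout, reset
        return None, str(err)

def classify(status, body, expected):
    if status is None:
        return "unreachable"    # e.g. firewall or country-blocking rule in the path
    if status == 404:
        return "not-served"     # no MIME map for ".", or file not in this host's folder
    if status != 200:
        return "http-%d" % status
    if body.strip() != expected:
        return "wrong-content"  # cached page, or another site answers for this name
    return "ok"

def preflight(hostnames, name, expected, fetcher=fetch):
    """Check the same probe file through every host name on the certificate."""
    results = {}
    for host in hostnames:
        status, body = fetcher("http://" + host + CHALLENGE_PATH + name)
        results[host] = classify(status, body, expected)
    return results

if __name__ == "__main__":
    import sys
    # usage: python preflight.py <file-name> <file-content> <host> [<host> ...]
    if len(sys.argv) < 4:
        name, body = new_probe()
        print("Create %s containing %s in the challenge folder, then rerun:" % (name, body))
        print("  preflight.py %s %s <host> [<host> ...]" % (name, body))
    else:
        for host, verdict in preflight(sys.argv[3:], sys.argv[1], sys.argv[2]).items():
            print("%-40s %s" % (host, verdict))
```

Any host that does not report `ok` would also fail the certificate authority's check, so the per-host verdict shows whether to look at the MIME mapping, the site that actually answers for that name, or the network path.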