Although the error returned by certbot says type:unauthorized, and the certbot guide warns that hidden folders may be treated differently by IIS, the real problem is that IIS does not serve files with no extension by default.
The path that the Let's Encrypt servers try to access is something like:
http://mydmain/.well-known/acme-challenge/<token>
which has no file extension.
For IIS to serve files with no extension, it needs to know the content type of those files. To tell it, add the following mimeMap setting to the web.config file:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <staticContent>
      <mimeMap fileExtension="." mimeType="text/xml" />
    </staticContent>
  </system.webServer>
</configuration>
To prevent exposure of unwanted content from the rest of your site, add a web.config file with that content to the .well-known folder, so the setting applies only there.
Before running certbot again, try to access an extensionless file in that folder.
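One way to run that check, as an added example that is not part of the original post: the script drops a constructed extensionless test file into the challenge folder, requests it over HTTP, compares the body, and cleans up. The webroot path C:\inetpub\wwwroot and the host name example.com are assumptions; replace them with your own.

```powershell
# Added example: pre-flight check for the ACME HTTP-01 path on IIS.
# $WebRoot and $HostName are assumed values; replace them with your own.
param(
    [string]$WebRoot  = 'C:\inetpub\wwwroot',   # assumed site root
    [string]$HostName = 'example.com'           # assumed domain
)

$challengeDir = Join-Path $WebRoot '.well-known\acme-challenge'
New-Item -ItemType Directory -Path $challengeDir -Force | Out-Null

# Constructed test token: random name with no extension, like a real challenge file.
$token    = 'preflight-' + [guid]::NewGuid().ToString('N')
$expected = "check-$token"
$file     = Join-Path $challengeDir $token
[System.IO.File]::WriteAllText($file, $expected)   # UTF-8, no BOM, no trailing newline

$url = "http://$HostName/.well-known/acme-challenge/$token"
try {
    $resp = Invoke-WebRequest -Uri $url -UseBasicParsing
    $body = $resp.Content
    # Depending on the content type, Content may come back as bytes.
    if ($body -is [byte[]]) { $body = [System.Text.Encoding]::UTF8.GetString($body) }

    if ($body.Trim() -eq $expected) {
        Write-Host "OK: $url served the file (HTTP $($resp.StatusCode))."
    } else {
        Write-Warning "HTTP $($resp.StatusCode), but the body is not the file content (redirect or rewrite rule?)."
    }
}
catch {
    # IIS answers 404 (sub-status 404.3) when no MIME map covers the file.
    $status = $null
    if ($_.Exception.Response) { $status = [int]$_.Exception.Response.StatusCode }
    Write-Warning "Request failed (HTTP status: $status). Check the mimeMap in the .well-known web.config."
}
finally {
    # Always remove the test file so nothing extra stays published.
    Remove-Item -Path $file -ErrorAction SilentlyContinue
}
```

Run it from a machine outside your network as well if you can, since the Let's Encrypt servers reach the site from the public internet.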