Lets Encrypt ACME Challenge file not accessable from IIS

Question

I have been trying to generate a SSL certificate for one of our projects which is running on an Azure VM which has no IP restrictions. However, the challenge file which is generated throws a 404 error and is not accessible over the web.

I have tried the following:

Moving the static content type above the extension less options in IIS
Adding a mime type for text/json, text/html

None of the above work which is making it really hard for me to generate a SSL using this service. Any idea how I can make it accessible ? I have given full access to that specific App Pool identity so permissions don't seem to be an issue in this case, its just the way the extension less files are being handled in IIS

Any help is appreciated.

Thanks, Vishal

score 42 · Accepted Answer · answered Jan 15 '16 at 04:05

42

You just Add a New MIME Type on IIS like this .

and try use the url at your browser . you will see that Now you can Pass the lets-encrypt authentication :)

answered Jan 15 '16 at 04:05

King Jk

1,069
14
22

Thanks for the suggestion. I will try this and mark the answer correct if it works. – vishal vazkar Jan 15 '16 at 14:22
1

@vishalvazkar well, apparently you did not have time to try this or to come back and mark the answer - however this is the correct answer. – avs099 Apr 10 '17 at 22:28
While this absolutely works, I'm very puzzled why they couldn't just have made the challenge file a `.txt` file? Bizarre. Any security risks of such a setting? – Simon_Weaver Mar 07 '19 at 00:42

score 3 · Answer 2 · answered Nov 03 '20 at 05:56

3

Also, if you're using a system with lots of custom routing or a framework that interferes with how URLs are handled (e.g. a CMS), ensure that you've told it to ignore /.well-known

We often use Umbraco for public-facing sites and I keep forgetting that I need to add ~/.well-known to the umbracoReservedUrls app setting in the web.config. Hopefully next time I'm stuck, I'll come across this answer...

answered Nov 03 '20 at 05:56

Matt Wanchap

841
8
20

2

This was EXACTLY my issue! – Rob Scott Nov 26 '20 at 02:39

score 1 · Answer 3 · answered Sep 08 '18 at 19:06

Taking inspiration from the accepted answer, I did the following:

I was using plesk for windows on Godaddy. Go to

Web server settings

In the MIME types, added the following node and click OK.

text/plain .

Note the dot at the end of the above setting.

Lets Encrypt ACME Challenge file not accessable from IIS

3 Answers3