I'm having an issue with the above. Basically, I have a webmail.domain.com that I use IIS to redirect to.
When it's time to renew my certificates though, I have to manually disable the webmail rule, and then run the client. Otherwise it won't renew the certs for the webmail.example.com because it's looking under example.com/.well-known/acme-challenge but it's being redirected to webmail.example.com/.well-known/acme-challenge which doesn't exist.
So, I wrote a rule to rewrite the URL so that anything looking for /.well-known will be rewritten as https://example.com/.well-known/acme-challenge/whateverthekeyis.
It appears to rewrite the URLs correctly, but the file isn't being served, which is where I'm a bit stymied. It serves the challenges fine if I disable the rewrite rule (aside from the webmail one), so I'm not really sure what the issue is. There's a web.config in the acme-challenge to serve extensionless files, and I also have it set up in IIS. The URL seems to be correct along with the physical path. But it's clearly not serving the file.
I get a 404.4 not found error when I try to access the url using the rewrite rule to rewrite and webmail.example.com to just example.com.
The resource you are looking for does not have a handler associated with it.
Most likely causes:
The file extension for the requested URL does not have a handler configured to process the request on the Web server.
Requested URL https://example.com:443/.well-known/acme-challenge/X2cp9qv-ymePYfNERRjh5n8pmxvlvWxMqZUhyaSL
Physical Path C:\inetpub\wwwroot\.well-known\acme-challenge\X2cp9qv-ymePYfNERRjh5n8pmxvlvWxMqZUhyaSL
But without the rewrite rule, I can access that URL from my browser.
Any ideas?
Best Answer
Please do not use redirects for the folder containing acme-challenges.
Multiple reasons will prevent Let's Encrypt domain validation over HTTP if you try to redirect requests the way you intend to:
I recommend the following IIS web.config for the acme-challenge folder, if you have installed the rewrite module. It disables rewrites/redirects for this folder, adds the MIME type for extensionless files and ensures the StaticFile handler is used:
For servers without rewrite module you can skip the <rewrite> section.
Hope this helps. Good luck!
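A web.config along the lines the answer describes, as an added example that is not the answerer's original file. It assumes the file is placed in the .well-known\acme-challenge folder, that the URL Rewrite module is installed, and that the handlers section may be overridden at this level.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: web.config for .well-known\acme-challenge (assumed location) -->
<configuration>
  <system.webServer>

    <!-- Drop every rewrite/redirect rule inherited from the site for this
         folder, so challenge requests are answered in place.
         Omit this whole section if the URL Rewrite module is not installed. -->
    <rewrite>
      <rules>
        <clear />
      </rules>
    </rewrite>

    <!-- Challenge files have no extension: map "." to a MIME type so the
         static file module will serve them. The <remove> avoids a duplicate
         entry error if "." is already mapped at a parent level. -->
    <staticContent>
      <remove fileExtension="." />
      <mimeMap fileExtension="." mimeType="text/plain" />
    </staticContent>

    <!-- Clear inherited handlers and register only the static file handler,
         so no other handler claims the extensionless challenge requests. -->
    <handlers>
      <clear />
      <add name="StaticFile" path="*" verb="*"
           modules="StaticFileModule"
           resourceType="Either" requireAccess="Read" />
    </handlers>

  </system.webServer>
</configuration>
```

With this in place, a challenge URL should return HTTP 200 with the token file's contents and no Location header.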