Validation With IIS Server for Let's Encrypt

Let's Encrypt needs to validate your domain before issuing a valid certificate. This troubleshooting tip applies if you decide to use the HTTP - Other option in Xeams and are using an IIS server on port 80. Refer to the following screenshot for an example:

[Screenshot: Let's Encrypt Challenge with IIS server]

Symptoms

While creating the certificate, you get an error saying that the domain could not be validated.

Steps to Fix

Before issuing a certificate, Let's Encrypt will try to pull a file from your IIS server. This file is saved in the C:\inetpub\wwwroot\Default\.well-known\acme-challenge folder. The name of the actual file is sent by Let's Encrypt. A sample name looks like: HkPoBSOjcSuNmBe39EY7_J25v84nSWYSlrng7D-xtQo. Let's Encrypt will try fetching this file from http://your.server.com/.well-known/acme-challenge/HkPoBSOjcSuNmBe39EY7_J25v84nSWYSlrng7D-xtQo.

Notice there is no file extension in this URL. By default, an IIS server does not serve files without extensions. To fix this, you will have to manually modify the web.config file and add a new MIME type. For example:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
     <system.webServer>
         <staticContent>
             <mimeMap fileExtension="." mimeType="text/xml" />
         </staticContent>
     </system.webServer>
</configuration>


Once done, create a dummy file without an extension in this folder and try fetching it from a browser to confirm that IIS serves that dummy file.
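
The confirmation step above can also be scripted. The following PowerShell script is an added example, not part of Xeams or the original article; it assumes the challenge folder path given above and uses your.server.com as a placeholder host name.

```powershell
# Added example: confirm IIS serves an extensionless file from the ACME challenge folder.
# Assumptions: folder path as given in this article; host name is a placeholder.
param(
    [string]$ChallengeDir = 'C:\inetpub\wwwroot\Default\.well-known\acme-challenge',
    [string]$HostName     = 'your.server.com'
)

# Constructed test values: random extensionless name and body (not a real ACME token).
$name     = 'iis-check-' + [guid]::NewGuid().ToString('N')
$expected = 'check-' + [guid]::NewGuid().ToString('N')
$path     = Join-Path $ChallengeDir $name
$url      = "http://$HostName/.well-known/acme-challenge/$name"

try {
    New-Item -ItemType Directory -Path $ChallengeDir -Force | Out-Null
    # WriteAllText adds no BOM or trailing newline, so the body can be compared exactly.
    [System.IO.File]::WriteAllText($path, $expected)

    $resp = Invoke-WebRequest -Uri $url -UseBasicParsing -ErrorAction Stop

    # Content may be byte[] for some content types; normalise to a string.
    $body = if ($resp.Content -is [byte[]]) {
        [System.Text.Encoding]::UTF8.GetString($resp.Content)
    } else {
        [string]$resp.Content
    }

    if ($body.Trim() -eq $expected) {
        Write-Output "OK: $url returned the test file (Content-Type: $($resp.Headers['Content-Type']))"
    } else {
        Write-Warning "IIS answered, but the body does not match the test file. Check rewrite rules or a different site binding."
    }
}
catch {
    # A 404 here usually means the extensionless MIME mapping is not in effect.
    $status = $null
    if ($_.Exception.Response) { $status = [int]$_.Exception.Response.StatusCode }
    Write-Warning "Fetch of $url failed (HTTP status: $status): $($_.Exception.Message)"
}
finally {
    # Remove the dummy file so nothing stray is left in the challenge folder.
    Remove-Item -LiteralPath $path -ErrorAction SilentlyContinue
}
```

Run it on the IIS server with rights to write to the challenge folder. A local success does not prove that port 80 is reachable from the internet, which Let's Encrypt also needs.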