Validation With IIS Server for Let's Encrypt
Let's Encrypt needs to validate your domain before issuing a valid certificate.
This troubleshooting tip applies if you decide to use the HTTP - Other option in Xeams and are using an IIS server on port 80. Refer to the following screenshot for an example:
Symptoms
While creating the certificate, you get an error that says unable to validate the domain.
Steps to Fix
Before issuing a certificate, Let's Encrypt will try to pull a file from your IIS server. This file is saved in the
C:\inetpub\wwwroot\Default\.well-known\acme-challenge
folder. The name of the actual file is sent by Let's Encrypt. A sample name looks like:
HkPoBSOjcSuNmBe39EY7_J25v84nSWYSlrng7D-xtQo
Let's Encrypt will try fetching this file from
http://your.server.com/.well-known/acme-challenge/HkPoBSOjcSuNmBe39EY7_J25v84nSWYSlrng7D-xtQo
Notice there is no file extension in this URL. By default, an IIS server does not serve files without extensions. To
fix this, you will have to manually modify the web.config file and add a new MIME type. For example:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <staticContent>
      <mimeMap fileExtension="." mimeType="text/xml" />
    </staticContent>
  </system.webServer>
</configuration>
Once done, create a dummy file without an extension in this folder and try fetching it from a browser to
confirm IIS serves that dummy file.
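The dummy-file check from the last step can also be scripted. The following PowerShell is an added example, not part of the original page or of Xeams: it writes an extensionless test file into the challenge folder, fetches it over HTTP the way Let's Encrypt would, and reports why the fetch failed if it did. The host name is the page's placeholder and the token name and body are constructed test values.

```powershell
# Added example: pre-flight check that IIS serves an extensionless file
# from the ACME challenge folder. Run on the IIS server itself.
$ChallengeDir = 'C:\inetpub\wwwroot\Default\.well-known\acme-challenge'  # folder named on this page
$HostName     = 'your.server.com'                                         # placeholder, replace with your domain

# Constructed token: no file extension, like the names Let's Encrypt sends.
$token    = 'preflight-' + [guid]::NewGuid().ToString('N')
$expected = 'preflight-body-' + [guid]::NewGuid().ToString('N')
$file     = Join-Path $ChallengeDir $token
$url      = "http://$HostName/.well-known/acme-challenge/$token"

New-Item -ItemType Directory -Path $ChallengeDir -Force | Out-Null
# WriteAllText adds no trailing newline, so the body comparison below is exact.
[System.IO.File]::WriteAllText($file, $expected, [System.Text.Encoding]::ASCII)

try {
    $resp = Invoke-WebRequest -Uri $url -UseBasicParsing -ErrorAction Stop
    # Read the raw bytes so the check does not depend on how the content type is decoded.
    $body = [System.Text.Encoding]::ASCII.GetString($resp.RawContentStream.ToArray())
    if ($body -eq $expected) {
        Write-Output "OK: $url returned HTTP $([int]$resp.StatusCode) with the expected body."
    } else {
        Write-Output "FAIL: HTTP $([int]$resp.StatusCode), but the body differs (a rewrite rule or another site may be answering)."
    }
}
catch {
    # Response is null when no HTTP answer arrived (DNS, firewall, port 80 closed).
    $status = [int]$_.Exception.Response.StatusCode
    if ($status -eq 404) {
        Write-Output "FAIL: HTTP 404 although the file exists on disk. Check the mimeMap entry in web.config and the site's physical path."
    } elseif ($status -gt 0) {
        Write-Output "FAIL: HTTP $status from $url."
    } else {
        Write-Output "FAIL: no HTTP response from $url ($($_.Exception.Message))."
    }
}
finally {
    # Remove the test file so nothing extra stays in the challenge folder.
    Remove-Item -LiteralPath $file -Force -ErrorAction SilentlyContinue
}
```

A pass from the server itself does not prove that port 80 is reachable from the internet, which Let's Encrypt also needs for this validation.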