I’m trying to obtain an SSL certificate for my WordPress site hosted on IIS on a Windows Server 2022 machine using Win-acme (v2.2.9.1701). However, I’m encountering an issue during the HTTP-01 validation process.

Server Setup:

  • Web Server: IIS on Windows Server 2022

  • Win-acme Version: 2.2.9.1701

  • WordPress installed in C:\inetpub\wwwroot\my-wordpress-folder

Problem:

When running Win-acme to obtain an SSL certificate, I receive the following error message during the HTTP-01 challenge validation step:

{"type":"urn:ietf:params:acme:error:connection","detail":"my-static-ip : Fetching http://example.com/.well-known/acme-challenge/rFvoxqdhXc7brikfPdR8weM1R9OaC_6AwX86IQEJssg: Timeout during connect (likely firewall problem)","status":400}

What I've Tried:

Firewall:

Disabled the firewall entirely for testing.

Directory Setup:

I created the following directory structure in my WordPress root:

C:\inetpub\wwwroot\my-wordpress-folder\.well-known\acme-challenge 

I placed a test file named test-file (without any extension) inside the acme-challenge directory.

Permissions:

I’ve confirmed that the IIS user (IUSR and IIS_IUSRS) has read permissions for the .well-known directory and its contents.

Testing Access:

When I access the file locally using http://example.com/.well-known/acme-challenge/test-file, I receive 404 file not found.

Questions:

  1. Why is the file not being served by IIS even though the directory structure and permissions are correct?

  2. What could be causing the timeout during the HTTP-01 validation?

  3. Are there any additional IIS configurations I might be missing to allow this challenge to pass?

Any help would be greatly appreciated!

1 Answer

What do you see in the IIS logs when those connection attempts are made, including when you try reaching that URL yourself?

While I've gotten this working in IIS myself, all our WP sites are on Linux rather than our IIS boxes. However, on Linux at least I know that WordPress uses various redirect rules to display a URL path that's different to the actual folder path on the server, such that if you tried to directly link to a file at a known folder location you'll often find it gets a 404, as the redirection gets in the way. So I wonder if the same is happening under IIS.

If that is the case, then I imagine you have rewrite rules in place in IIS / web.config, so you need to add some additional rules / exceptions to those to exclude the /.well-known/acme-challenge/ folders from being changed.

A couple of examples can be found here:

Rewriting a url in iis from a subdomain so letsencrypt will find the challenge key

https://stackoverflow.com/questions/47366877/url-rewrite-http-to-https-and-lets-encrypt

  • 404s on IIS could also be the result of an unknown mimetype. Commented Nov 7, 2024 at 20:52
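As an added example (not code from the question, the answer or win-acme itself), here is a web.config for the WordPress site root that applies both points raised above: the /.well-known/acme-challenge/ path is excluded from the WordPress rewrite rule, and extensionless token files get a MIME mapping so the static file handler will serve them instead of returning 404. The rule names, the text/plain type and the "typical WordPress rule" shape are assumptions; merge the rewrite and staticContent sections into your existing web.config rather than replacing it.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Assumed location: C:\inetpub\wwwroot\my-wordpress-folder\web.config -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Runs first: challenge requests are passed through untouched,
             so no later WordPress rule can redirect them to index.php -->
        <rule name="ACME challenge passthrough" stopProcessing="true">
          <match url="^\.well-known/acme-challenge/.*" />
          <action type="None" />
        </rule>
        <!-- Assumed typical WordPress front controller rule: anything that
             is not a real file or directory is handed to index.php -->
        <rule name="WordPress" patternSyntax="Wildcard" stopProcessing="true">
          <match url="*" />
          <conditions>
            <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
            <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
          </conditions>
          <action type="Rewrite" url="index.php" />
        </rule>
      </rules>
    </rewrite>
    <!-- The challenge token files have no extension; without a MIME mapping
         for "no extension" the static file handler refuses them with a 404.
         text/plain is an assumed, harmless choice for this content. -->
    <staticContent>
      <mimeMap fileExtension="." mimeType="text/plain" />
    </staticContent>
  </system.webServer>
</configuration>
```

After applying it, request the test-file URL again from a machine outside the network: a 200 confirms IIS is serving the path, and a remaining timeout from outside narrows the problem to port 80 reachability rather than the site configuration.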
