Home / server / Questions / 1032393
In Process
Miguel
Asked: 2020-09-03 02:43:26 +0800 CST

Can't download letsencrypt certificate using webroot method of certbot

  • 772

Following this guide for windows installation, i try the webroot method, from an elevated cmd shell:

C:\WINDOWS\system32> certbot certonly --webroot

The command fails with unauthorized error, because IIS is does not expose hidden folder .well-known created by certbot tool.

I am running IIS 8.5 on a windows server.

How can i enable hidden folders in IIS?

iis certbot lets-encrypt iis-8.5 windows-server-2012

1 Answers

  1. Despite the error returned by certbot says type:unauthorized, and the warning on the certbot guide about how hidden folder may be treated differently by IIS, the real problem is that IIS doesn't serve files with no extension, by default.

    The path that letencrypt servers try to access is something like:

    http://mydmain/.well-known/acme-challenge/<token>

    where as no file extension.

    To IIS serve files with no extension, he needs to know what is the content type for those files. To do tell him, add the following mimemap setting to the web.config file:

    <?xml version="1.0" encoding="UTF-8"?>
<configuration>
     <system.webServer>
         <staticContent>
             <mimeMap fileExtension="." mimeType="text/xml" />
         </staticContent>
     </system.webServer>
</configuration>

    To prevent exposure of unwanted content from your site, add a web.config file with that content to the .well-know folder

    Try access some no extension file on that folder before run certbot again.

    • 1