Web.config / clear tag / renew certificate

My domain is: weiland.dk
My web server is: Microsoft-IIS/10.0:
My hosting provider: unoeuro.com
I can login to a root shell on my machine: don’t know
I’m using a control panel to manage my site: no

I’m new to web.config and there seems to be a problem regarding Let’s Encrypt.
I have the following code in web.config:

    <clear />
<rule name="Allow LetsEncrypt" patternSyntax="Wildcard" stopProcessing="true">
<match url=".well-known/*" />
<action type="None" />
<rule name="Redirect non-www OR non-https to https://www">
<match url=".*" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTP_HOST}" pattern="^weiland.dk$" />
<add input="{HTTPS}" pattern="off" />
<action type="Redirect" url="https://www.weiland.dk/{R:0}" redirectType="Permanent"/>

... and some more rules..

My hosting provider informs me that the clear-tag means trouble when Let’s Encrypt renews itself every third months.
But when the clear tag is NOT there, URLS from the acme-challenge-folder is not accessible, but returns a 404-error. For example http://weiland.dk/.well-known/acme-challenge/1fr1GoNRew50h5yemIzdkjaBFAFCmYYkpnIR8yyOE8M.txt

When the clear tag is present, the acme-challenge ÚRL is accessible.

My question is:
The acme-challenge ÚRL should be accessible, right? But how do I avoid the clear tag?

I’ve found out that if I remove the following rule:

<rule name="AddTrailingSlashRule1" stopProcessing="true">
<match url="(.*[^/])$" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<action type="Redirect" url="{R:1}/" />

… then the acme-challenge URL is accessible. But that gives the rest of the website problems. How can I combine the rules, so that at slash is added, but not in the .well-known-folder?

If rules are processed top down, then this should come first:

If rules are processed in any other manner, then try merging them or Googling for "IIS 10 web.config rules" or something like that.

A couple of thoughts.

To allow access in IIS 8.5 (and higher) to the “dot” directory is not a problem, but access to a file with NO extension is. Therefore I put this in my web.config file:

  <mimeMap fileExtension="." mimeType="text/plain" />

Then to redirect to https: I have these rewrite rules:

<clear />
  <rule name="CanonicalHostNameRule1">
    <match url="(.*)" />
      <add input="{HTTP_HOST}" pattern="^domain\.com$" negate="true" />
    <action type="Redirect" url="https://domain.com/{R:1}" />
  <rule name="http to https" enabled="true" patternSyntax="ECMAScript" stopProcessing="true">
    <match url="(.*)" />
    <conditions logicalGrouping="MatchAny" trackAllCaptures="false">
      <add input="{HTTPS}" pattern="off" />
    <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />

Note that the stopProcessing attribute must be the last rule in the <rules> section (top-down) because that prevents any other rules from being processed. Mine are separate tests and could have been combined but I’m too lazy to go in and change it. Pretty sure your regex needs to escape the dot in your URL since that is a wildcard match.

This morning my hosting provider has informed me that the url to access isn’t
… but
http://example.com/.well-known/acme-challenge/1fr1GoNRew50h5yemIzdkjaBFAFCmYYkpnIR8yyOE8M (without the .txt)

  • and all of a sudden there no longer is a problem! The last url does not result in a 404-error, when there is no clear-tag.

Thx for your input, Mushu and rg305!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.