For servers that use http.sys, such as IIS, Certify has a built-in HTTP listener that temporarily sits in front of IIS etc. during validation.
That means the whole IIS part is skipped and is usually not even required unless for some reason the HTTP challenge server is disabled or can’t run. We should really skip creating those files/folders unless the challenge server runs into an issue.
Think of them as existing in two places at once. The IIS versions don’t need to exist when the temporary challenge server has them. The temporary challenge server tells Windows to use it for /.well-known/ requests instead of seeing if IIS wants to handle it.
So you guys are discussing letting the ACME challenge files be served temporarily from memory, as opposed to files on disk?
I used to run a script that auto-renewed my certificates and loaded them into IIS. I was just not able to figure out how to set the certs on my sites. But now I have CTW handling this for me.
Very happy to have found a complete solution for my SSL certs. I don’t mind those temp acme files much.
Yes, the default behavior is to serve the challenge responses from memory. So you shouldn’t have to do anything more to get the certificate requests to work.
Doesn’t look like that to me. I have a combobox with 2 options: http-01 and dns-01. I have to select one of them. And the http-01 is selected by default.
How to make use of the response-from-memory, then?
Jay, it’s automatic and it’s the default unless you’ve switched it off (Settings > Renewal Settings > Enable Http Challenge Server).
You haven’t mentioned if renewal is actually failing? If you click Request Certificate does it all work or not? Automatic renewal is exactly the same as clicking that button except it only happens when the default renewal interval time has elapsed.