Acme Challenge In wwwroot?

Hi all,

Does CTW support placing the .well-known/acme files in the wwwroot?

I just created a test site on IIS, placed a wwwroot folder in it, but CTW still placed these files next to the wwwroot folder, instead of in it.

I can find no setting for this. I don’t think renewal will work correctly for my .NET Core site, if this feature is not supported.



Ok, I just found the ‘Site Root Folder’ setting in the Authorization section.

Never mind.

1 Like

For servers that use http.sys such as IIS, Certify has a built in http listener that temporarily sits in front of IIS etc during validation.

That means the whole IIS part is skipped and is usually not even required unless for some reason the http challenge server is disabled or can’t run. We should really skip creating those files/folders unless the challenge server runs into issue.

Doesn’t Let’s Encrypt require those files to be there during the creation/renewal process?

Think of them as existing in two places at once. The IIS versions don’t need to exist when the temporary challenge server has them. The temporary challenge server tells Windows to use it for /.well-known/ requests instead of seeing if IIS wants to handle it.

Yes the temporary challenge server is like an in-memory webserver and it co-exists with IIS transparently.

So you guys are discussing letting the acme challenge files be served temporarily from memory, as opposed to files on disk?

I used to run a script that auto renewed my certificates and loaded them into IIS. I was just not able to figure out how to set the certs on my sites. But now I have CTW handling this for me.

Very happy to have found a complete solution for my SSL certs. I don’t mind those temp acme files much.

Yes, the default behavior is to serve the challenge responses from memory. So you shouldn’t have to do anything more to get the certificate requests to work.

Doesn’t look like that to me. I have a combobox with 2 options: http-01 and dns-01. I have to select one of them. And the http-01 is selected by default.

How to make use of the response-from-memory, then?

Jay, it’s automatic and it’s the default unless you’ve switched it off (Settings > Renewal Settings > Enable Http Challenge Server).

You haven’t mentioned if renewal is actually failing? If you click Request Certificate does it all work or not? Automatic renewal is exactly the same as clicking that button except it only happens when the default renewal interval time has elapsed.