Hi, I’ve been trying to get this to work too, for 2 days now, but can’t… any help will be appreciated.
I have two Azure VMs running IIS behind an Azure Load Balancer (standard). I can get certificates for wildcard domains via a DNS challenge, but can’t get the http-01 challenge to work. Since the sites we’ll be hosting for customers will be a subdomain they create and route to our public Azure IP, we can’t use DNS challenges.
I’m using an Azure FileShare, mapped as a network drive to each VM. When I put the IIS site on there (using drive letter or UNC), I get this in the Certify log when I request a certificate:
Using website path E:\Sites\sitename
The website root path for sitename could not be determined. Request cannot continue.
I’ve turned off the ‘Enable HTTP Challenge Server’ setting.
I’ve tried the virtual directory approach, creating a virtual directory under the site called ‘.well-known’, with a physical path of E:\.well-known. It gets past the point of the website root path, but then gives me this:
Failed to confirm URL is accessible : http://doman.name/.well-known/acme-challenge/S39AGPI-4eD-4M56iO8wWuT0Sp1BIbYDp3Nq-vfnvgQ
System.Net.WebException: The remote server returned an error: (500) Internal Server Error.
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Certify.Management.NetworkUtils.d__4.MoveNext() in C:\Work\GIT\certify_dev\certify\src\Certify.Shared\Management\NetworkUtils.cs:line 153
I’ve tried setting the Site root directory to e:\ (as suggested in previous posts) and get this again:
[INF] Using website path e:
[ERR] The website root path for sitename could not be determined. Request cannot continue.
i.e. the same as above.
As mentioned, E: is an Azure FileShare mapped to this drive, identically on both VMs. I have also tried using a local drive (C:), using Azure FileSync; I can see the well-known folder/files being created, but they don’t sync fast enough between the servers for the authentication to work (is there a setting/way to delay the http challenge for 90 secs, like for the DNS challenge?).
If I run the certify on both servers, one will succeed (i.e. the one the load balancer is currently failing) and the other gives the issues above - i.e. I’ve no reason to believe there’s an issue with DNS or site config, etc.
I’ll consider any other solution - Using an Azure App Gateway, using IIS Centralized Certificates, or anything else that may work. Ideally I’d like to consider using Certify (we’ve used it for a while and really value the automated renewal), but at the moment I’m open to any solution that will work.
At the moment, this is a new hosting build, i.e. I can change anything on the Azure config, but I really need to get this live before the end of the week.
Any help appreciated, I’m tearing my hair out with this one and really stuck for what I can try next!