[GH-ISSUE #6] Error 404 when trying to open the acme challenge url #4

Closed
opened 2026-02-26 21:31:03 +03:00 by kerem · 1 comment
Owner

Originally created by @petrnejedly on GitHub (Jan 14, 2018).
Original GitHub issue: https://github.com/ridercz/AutoACME/issues/6

Hi,

Let's say I own a domain "site.eu". In my IIS there are (among others) two separate WebSites:

  • SiteEuWww (D:\WebSites\SiteEu\www)
  • SiteEuNoWww (D:\WebSites\SiteEu\nowww)

The www directory is the root directory of my website. The nowww directory contains only a Web.Config file managing 301 redirects from no-www to www (<httpRedirect enabled="true" destination="https://www.site.eu" httpResponseStatus="Permanent" />). The site already uses a paid SSL certificate and I want to switch to Let's encrypt now.

Bindings are set as follows:

  • https://www.site.eu/ ==> SiteEuWww (website content)
  • http://www.site.eu/ ==> SiteEuNoWww (301 redirect to https://www.site.eu/)
  • http://site.eu/ ==> SiteEuNoWww (301 redirect to https://www.site.eu/)
  • https://site.eu/ ==> SiteEuNoWww (301 redirect to https://www.site.eu/)

When I try to request for a new certificate file (autoacme addhost www.site.eu) for the first time, the attempt to open a URL address http://www.site.eu/.well-known/acme-challenge/<ticket-id> ends up with an error 404. I think that the URL http://www.site.eu/.well-known/acme-challenge/<ticket-id> redirects to https://www.site.eu/.well-known/acme-challenge/<ticket-id> and now the error 404 occurs. I think the request does not go through the URL Rewrite module in IIS in this case.

Is there anything I can do to make it work in this scenario?

kerem closed this issue 2026-02-26 21:31:03 +03:00
Author
Owner

@ridercz commented on GitHub (Jan 14, 2018):

Your setup is quite unusual and I believe also needlessly complicated.

HTTP-01 challenge follows redirects. I believe you are redirecting to the wrong address, i.e. you are always redirecting to the root URL, not the URL that was asked for.

I recommend you create a single site, which would have four bindings:

  • http://www.site.eu/
  • http://site.eu/
  • https://www.site.eu
  • https://site.eu/

Then use URL rewriting to redirect to the canonical address (www.site.eu) and HTTPS:

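```xml
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Redirects any host other than www.site.eu to the canonical host, keeping the path ({R:1}).
             Posted with enabled="false", so this rule is inactive as written. -->
        <rule name="CanonicalHostName" stopProcessing="true" enabled="false">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTP_HOST}" pattern="^www\.site\.eu$" negate="true" />
          </conditions>
          <action type="Redirect" url="https://www.site.eu/{R:1}" redirectType="Permanent" />
        </rule>
        <!-- Redirects plain-HTTP requests to HTTPS on the canonical host, keeping the path ({R:1}).
             Moved inside <rules>, where URL Rewrite expects every <rule> element. -->
        <rule name="ForceHTTPS" stopProcessing="true" enabled="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTPS}" pattern="^OFF$" />
          </conditions>
          <action type="Redirect" url="https://www.site.eu/{R:1}" redirectType="Permanent" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```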

This redirect will retain the part of URL after host name and therefore everything will work correctly. AutoACME will then be able to get certs for both site.eu and www.site.eu.
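
An added example, not part of the original comment or of AutoACME: a simplified Python model of the two rewrite rules above that follows the redirects an HTTP-01 validator would receive and reports whether the challenge path survives. It handles only `Redirect` actions, `{R:n}` back-references and the `{HTTP_HOST}`/`{HTTPS}` inputs; `redirect_for`, `follow`, `keeps_challenge_path`, the `FIXED_ROOT` contrast rules and the `TOKEN` placeholder are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed copy of the two rules from the answer, both inside <rules>.
RULES = r"""<rules>
  <rule name="CanonicalHostName" stopProcessing="true" enabled="false">
    <match url="(.*)" />
    <conditions><add input="{HTTP_HOST}" pattern="^www\.site\.eu$" negate="true" /></conditions>
    <action type="Redirect" url="https://www.site.eu/{R:1}" redirectType="Permanent" />
  </rule>
  <rule name="ForceHTTPS" stopProcessing="true" enabled="true">
    <match url="(.*)" />
    <conditions><add input="{HTTPS}" pattern="^OFF$" /></conditions>
    <action type="Redirect" url="https://www.site.eu/{R:1}" redirectType="Permanent" />
  </rule>
</rules>"""
# Constructed contrast: same rules, but the target is always the site root.
FIXED_ROOT = RULES.replace("{R:1}", "")
CHALLENGE = "/.well-known/acme-challenge/TOKEN"  # TOKEN is a placeholder

def redirect_for(url, rules_xml):
    """Location sent by the first enabled rule that matches, else None."""
    u = urlsplit(url)
    env = {"{HTTP_HOST}": u.netloc, "{HTTPS}": "ON" if u.scheme == "https" else "OFF"}
    for rule in ET.fromstring(rules_xml).iter("rule"):
        if rule.get("enabled", "true").lower() != "true":
            continue
        # URL Rewrite matches the request path without its leading slash.
        m = re.search(rule.find("match").get("url"), u.path.lstrip("/"), re.I)
        conds = rule.findall("conditions/add")
        if m and all(bool(re.search(c.get("pattern"), env[c.get("input")], re.I))
                     != (c.get("negate") == "true") for c in conds):
            return re.sub(r"\{R:(\d+)\}", lambda g: m.group(int(g.group(1))), rule.find("action").get("url"))
    return None

def follow(url, rules_xml, max_hops=10):
    """Follow redirects hop by hop, as an HTTP-01 validator would; return every hop."""
    hops = [url]
    while len(hops) <= max_hops and (nxt := redirect_for(hops[-1], rules_xml)):
        hops.append(nxt)
    return hops

def keeps_challenge_path(hops):
    """True when the last hop still asks for the path of the first one."""
    return urlsplit(hops[-1]).path == urlsplit(hops[0]).path

print(follow("http://site.eu" + CHALLENGE, RULES), follow("http://site.eu" + CHALLENGE, FIXED_ROOT))
```

With the `{R:1}` rules the chain ends at the same challenge path on `https://www.site.eu`; with the fixed-root variant it ends at `/`, where no challenge file exists.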
