Tags: web-config, azure-web-app-service, lets-encrypt, challenge-response

Let's Encrypt challenge requests fail when virtual path is modified and not wwwroot


I'm switching to Let's Encrypt for all my certs and the web jobs are failing on my Laravel and Zend apps because the challenge requests fail. For my static sites everything works fine; for the Laravel/Zend sites the virtual path has been modified from 'wwwroot' to 'wwwroot/public'.

I'm not sure what I need to add to my web.config file to pass the challenge requests through to '/.well-known/acme-challenge'.

My web.config is below. I've tried moving the contents of '/.well-known/acme-challenge/web.config' into it, tried to pass challenge requests through to '/.well-known...', and added other mappings, but I can't get anything to work.

Up until now, to renew the certs every quarter I have been modifying the virtual path back to 'wwwroot' and then manually running the web job; obviously this isn't a good solution.

web.config for my app

<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="Imported Rule 1" stopProcessing="true">
          <match url="^(.*)/$" ignoreCase="false" />
          <conditions>
            <add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" negate="true" />
          </conditions>
          <action type="Redirect" redirectType="Permanent" url="/{R:1}" />
        </rule>
        <rule name="Imported Rule 2" stopProcessing="true">
          <match url="^" ignoreCase="false" />
          <conditions>
            <add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" negate="true" />
            <add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" negate="true" />
          </conditions>
          <action type="Rewrite" url="index.php" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>

web.config for /.well-known/acme-challenge

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <handlers>
      <clear />
      <add name="ACMEStaticFile" path="*" verb="*" modules="StaticFileModule" resourceType="Either" requireAccess="Read" />
    </handlers>
    <staticContent>
      <remove fileExtension="." />
      <mimeMap fileExtension="." mimeType="text/plain" />
    </staticContent>
  </system.webServer>
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</configuration>

I'm using 0.9.3 of the Azure Let's Encrypt extension by SJKP.

Thank you in advance.


Solution

  • Turns out I have answered this myself.

    I needed to add a path mapping.

    Virtual path: /.well-known
    Physical path: site\wwwroot\.well-known
    Type: Directory
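
Why the mapping fixes the failure, as an added example that is not part of the original post: a simplified Python model of how a request path is resolved through the virtual-path table and then evaluated by the question's "Imported Rule 2". The longest-prefix matching, the token value, and the assumption that the extension writes its challenge files under site\wwwroot\.well-known are illustrative assumptions, not Azure or extension code.

```python
import ntpath

# Assumption: challenge files are written under site\wwwroot\.well-known.
CHALLENGE_DIR = r"site\wwwroot\.well-known\acme-challenge"
TOKEN = "constructed-token-123"  # constructed sample value
FILES_ON_DISK = {ntpath.join(CHALLENGE_DIR, TOKEN)}

# Path mappings before and after the fix described in the answer.
BEFORE = {"/": r"site\wwwroot\public"}
AFTER = {"/": r"site\wwwroot\public",
         "/.well-known": r"site\wwwroot\.well-known"}


def resolve(mappings, url_path):
    """Map a request path to a physical path using the longest matching virtual path."""
    best = None
    for virtual in mappings:
        prefix = virtual.rstrip("/")
        if url_path == prefix or url_path.startswith(prefix + "/"):
            if best is None or len(prefix) > len(best.rstrip("/")):
                best = virtual
    if best is None:
        raise LookupError("no virtual path covers " + url_path)
    rest = url_path[len(best.rstrip("/")):].lstrip("/")
    if not rest:
        return mappings[best]
    return ntpath.join(mappings[best], *rest.split("/"))


def handled_by(mappings, url_path, files=FILES_ON_DISK):
    """Model of 'Imported Rule 2': a path that is not an existing file is
    rewritten to index.php (the rule's directory check is left out here)."""
    physical = resolve(mappings, url_path)
    return "static file" if physical in files else "index.php"


if __name__ == "__main__":
    url = "/.well-known/acme-challenge/" + TOKEN
    for label, table in (("before", BEFORE), ("after", AFTER)):
        print(label, resolve(table, url), "->", handled_by(table, url))
```

With only the root mapping, the challenge URL resolves under public, no file is found there, and the rewrite rule hands the request to index.php; with the /.well-known mapping the file is found and served as static content.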