
UrlRewrite Pass-Through Rule for Let's Encrypt / SSLFORFREE Manual Verification

KB293 Last reviewed 07 August 2017

Introduction

This article describes how to create a URL Rewrite rule that facilitates the manual verification of domains for a Let's Encrypt / SSLFORFREE SSL certificate. The rule is especially useful for websites that run exclusively over HTTPS/SSL (i.e. secure) connections or for sites that have expired SSL certificates.

The rule is useful because all domain verification requests are made using standard, non-secure HTTP requests.

Creating the Rule

URL Rewrite rules have to be manually defined in a website's configuration file, web.config. It is not possible to configure URL Rewrite rules via the hosting control panel.

1. Download your website's web.config file and make a backup of the file. You can do this either via FTP or via the file manager in the hosting control panel (Hosting Control Panel > Hosting Space > File Manager).

2. Amend your web.config file by inserting the following URL Rewrite rule. Be careful when editing a web.config file: it is an XML file, so element names, attribute names and values are case-sensitive.

If your web.config does not contain the section, see the example below on how the web.config should be constructed.

<rule name="SslForFree Manual Verification Pass Through" stopProcessing="true">
    <match url="\.well\-known/acme-challenge/(.*)" />
    <conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
    <action type="None" />
</rule>

3. Upload the altered web.config file and then visit your website to force the new setting to load. If there is a problem with your web.config (incorrect formatting, case, etc.), you will receive an HTTP 500 error.

Example

The following sample web.config includes two rules: the rule defined in this article and another rule that redirects HTTP (i.e. non-secure) requests to the equivalent HTTPS (SSL secure) address. The SSLFORFREE rule should be the first defined rule to avoid unwanted behaviour: rules are evaluated in the order in which they are listed, and a matching rule with stopProcessing="true" prevents later rules from running. This matters in this example because the second rule would otherwise redirect every request, including the verification request, to an HTTPS address.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <caching enabled="false" enableKernelCache="false" />
        <rewrite>
            <rules>
                <clear />
                <rule name="SslForFree Manual Verification Pass Through" stopProcessing="true">
                    <match url="\.well\-known/acme-challenge/(.*)" />
                    <conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
                    <action type="None" />
                </rule>
                <rule name="HTTP to HTTPS" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions>
                        <add input="{HTTPS}" pattern="^OFF$" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="SeeOther" />
                </rule>
            </rules>
        </rewrite>
        <directoryBrowse enabled="false" />
        <defaultDocument>
            <files>
                <clear />
                <add value="Default.htm" />
                <add value="Default.asp" />
                <add value="index.htm" />
                <add value="index.html" />
                <add value="iisstart.htm" />
                <add value="index.php" />
                <add value="default.aspx" />
            </files>
        </defaultDocument>
        <httpErrors errorMode="Off" existingResponse="Auto" />
    </system.webServer>
</configuration>
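
The effect of rule order can be checked offline before uploading. The following Python sketch is an added example, not part of the original article or of IIS: it evaluates the two rules above against a request path using a simplified model of URL Rewrite, and the names `config` and `deciding_rule` are hypothetical helpers introduced for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample rules, copied from the article's example web.config.
PASS = (r'<rule name="SslForFree Manual Verification Pass Through" stopProcessing="true">'
        r'<match url="\.well\-known/acme-challenge/(.*)" />'
        r'<action type="None" /></rule>')
REDIRECT = ('<rule name="HTTP to HTTPS" stopProcessing="true"><match url="(.*)" />'
            '<conditions><add input="{HTTPS}" pattern="^OFF$" /></conditions>'
            '<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" /></rule>')

def config(*rules):
    """Wrap rules, in the given order, in a minimal web.config skeleton."""
    return ("<configuration><system.webServer><rewrite><rules>" + "".join(rules) +
            "</rules></rewrite></system.webServer></configuration>")

def deciding_rule(web_config_xml, path, https="off"):
    """Return (rule name, action type) of the rule that decides the request.

    Simplified model of IIS URL Rewrite, an assumption of this example: rules
    run in document order, patterns are case-insensitive and unanchored, the
    path is matched without its leading slash, {HTTPS} is the only condition
    input understood, and a matching stopProcessing rule ends evaluation.
    """
    decided = (None, "None")
    for rule in ET.fromstring(web_config_xml).iter("rule"):
        if not re.search(rule.find("match").get("url"), path.lstrip("/"), re.I):
            continue
        conds = rule.findall("conditions/add")
        if not all(c.get("input") == "{HTTPS}"
                   and re.search(c.get("pattern"), https, re.I) for c in conds):
            continue
        decided = (rule.get("name"), rule.find("action").get("type"))
        if rule.get("stopProcessing", "false").lower() == "true":
            break
    return decided

if __name__ == "__main__":
    challenge = "/.well-known/acme-challenge/constructed-token"
    for label, xml in (("article order", config(PASS, REDIRECT)),
                       ("rules swapped", config(REDIRECT, PASS))):
        print(label, "->", deciding_rule(xml, challenge))
```

Because the article's pattern has no leading `^`, the same model shows that a path such as `/downloads/.well-known/acme-challenge/x` also skips the HTTPS redirect. Writing the pattern as `^\.well-known/acme-challenge/(.*)` limits the pass-through to the challenge directory at the site root.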