Symptoms
When installing a Let's Encrypt certificate for a domain, the operation fails with the error message:
The authorization token is not available at http://example.com/.well-known/acme-challenge/347mK_j_YTyKfxB_tYSdcmzvlze0N5OJKcluSRxc9yY
...
Detail: 203.0.113.2: Invalid response from http://example.com/.well-known/acme-challenge/347mK_j_YTyKfxB_tYSdcmzvlze0N5OJKcluSRxc9yY: 403
Cause
The Require SSL/TLS option is enabled at Domains > example.com > Hosting & DNS > IIS Settings.
When this option is enabled, the challenge directory can be accessed only via HTTPS, but the HTTP-01 challenge required by Let's Encrypt can only be performed via HTTP, so the request for the authorization token is rejected with a 403 response.
Resolution
- Go to Domains > example.com > Hosting & DNS > IIS Settings > Directory Security Settings.
- Disable the Require SSL/TLS option and apply the changes.
- Re-issue the certificate at Domains > example.com > SSL/TLS certificates.
- Re-enable the Require SSL/TLS option at Domains > example.com > IIS Settings > Directory Security Settings if required.
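
The condition described under Cause can be checked before and after changing the setting by requesting the challenge path over plain HTTP. The script below is an added example, not part of the original article; the function names and the `probe-token` value are assumptions made for illustration.

```python
"""Probe the ACME HTTP-01 challenge path over plain HTTP (port 80)."""
import http.client
import sys

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"


def probe(host, token="probe-token", port=80, timeout=10):
    """GET the challenge URL over HTTP without following redirects.

    "probe-token" is a constructed value; no such file needs to exist.
    Returns (status_code, Location header or None).
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", CHALLENGE_PREFIX + token)
        resp = conn.getresponse()
        resp.read()  # drain the body so the connection closes cleanly
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def classify(status, location=None):
    """Turn the plain-HTTP response into a diagnosis for this failure."""
    if status == 403:
        return ("blocked: HTTP request refused with 403; "
                "check Require SSL/TLS in IIS Settings")
    if status in (301, 302, 303, 307, 308):
        return "redirect: server points to %s; probe that URL as well" % location
    if status in (200, 404):
        # 404 is expected for the constructed token: the directory
        # answered over HTTP instead of refusing the request.
        return "reachable: challenge path is served over plain HTTP"
    return "unexpected: HTTP %d" % status


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python acme_http_probe.py <domain>")
    code, loc = probe(sys.argv[1])
    print(code, classify(code, loc))
```

Run it from a machine outside the server, because the validation request arrives from the Internet and not from the local host.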