Lets Encrypt Web.config IIS Redirect for HTTP to HTTPs Allowing HTTP access to the .well-known Folder

Let's Encrypt offers a neat service providing free SSL certificates which can be renewed through a service. However, the renewal process itself can be tricky : it requires the Let's Encrypt servers to access to your server's filesystem along a non-HTTPs connection. This may sound simple, until you consider that you may also want to have a generic redirect from all other non-HTTPs requests to their HTTPs equivalent.

So how do you include the best type of 301 redirect, while also separately allow through any requests to the required to the ./well-known folder and all of it's sub-folders? Luckily redirects are infinitely configurable in IIS, and below are some of the ways we have achieved this using Web.config redirects

This is specified as two rules, the first saying to 'take no action' for any requests that includes .well-known/<anything>, thereby causing IIS to ignore the second rule which says "redirect all requests that are not HTTPs to the corresponding HTTPs equivalent. So accessing will automatically redirect (with a 301 to  unless the .well-known pattern is found at the start of the request.

<!-- Add to web.config in system.webserver element -->
                <rule name="Allow LetsEncrypt" patternSyntax="Wildcard" stopProcessing="true">
                    <match url=".well-known/*" />
                    <action type="None" />
                <rule name="Redirect HTTP to HTTPS" patternSyntax="Wildcard" stopProcessing="true">
                    <match url="*" ignoreCase="false" />
                        <add input="{HTTPS}" pattern="off" />
                    <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" />

Need an Umbraco Master?

Here at Simon Antony, we have an in house certified Umbraco Grand Master available for hire. Got a problem with your site, need architecture advice, give us a call to speak to Simon directly and see how we can help

Contact Simon Today!