Allow Let’s Encrypt automatic renewal when redirecting HTTP to HTTPS

Let’s Encrypt requires HTTP (port 80) to issue and renew certificates, however, if you have a HTTP to HTTPS redirect or rewrite rule in place, this will cause issuing or renewals to fail. We have the following recommendations for IIS URL Rewrite (web.config) and Apache (or IIS Helicon Ape) .htaccess rules to allow the .well-known folders to be served over HTTP.

IIS – web.config or Helicon Ape

For URL Rewrite, add the following rewrite rule to your web.config file’s <rewrite> section, this rule must be first in the rewrite section…

<rule name="ACME / Let's Encrypt Verification" stopProcessing="true">
    <match url="^\.well-known(.*)" />
    <action type="None" />

For Helicon Ape, add this line to the .htaccess file in your wwwroot under the RewriteEngine On directive

RewriteCond %{REQUEST_URI} !\.well-known/acme-challenge

Apache – .htaccess

Add this line to your site’s root .htaccess file directly under the RewriteEngine On directive

RewriteCond %{REQUEST_URI} !\.well-known/acme-challenge