I am using letsencrypt to generate SSL certificates on NopCommerce sites
These sites must all be run permanently from https and have redirects from http to https and from www to non www
As you know we can do this by setting force SSL in Nop settings.
However, when letsencrypt creates its certificates it creates a file on the site in question such as:
/.well-known/acme-challenge/werlkjwe098lkjweljkkjwre098
And then attempts to obtain that file from all the bindings in IIS to that site, so
http://www.mydomain.com/.well-known/acme-challenge/werlkjwe098lkjweljkkjwre098
http://mydomain.com/.well-known/acme-challenge/werlkjwe098lkjweljkkjwre098
The problem here is that these get redirected to https by Nop, or from www to non www, so it fails.
I had the idea to disable the SSL redirection in Nop and create the redirects I want using IIS rewite. This would then allow me to write a rule to exclude requests for this directory. However this wont work because most pages in Nop are set as SslRequirement.No by default as per https://github.com/nuodb/nopCommerce/blob/master/Presentation/Nop.Web.Framework/Security/NopHttpsRequirementAttribute.cs
This creates a redirect loop.
As I dont have source code access for all the nop sites we run Im stuck.
My only thought now was whether or not there is a way in IIS to stop any requests for "/.well-known/acme-challenge/" being routed through Nop at all, which would stop this redirect happening.
Anyone got any bright ideas?
thanks
John