certbot IIS meldet 404

**leo_80** · 11.04.20, 18:19

Hallo zusammen,

ich versuche auf einer Debian VM den certbot zur Zertifikatausstellung zu betrauen.
Der Webserver ist ein Windows Server 2019 IIS 10.0.

Das Webrootverzeichnis habe per cifs-utils gemountet.

Code:

/etc/fstab:

//192.168.99.254/wwwroot /usr/share/wwwroot cifs user=***,password=***,domain=*** 0 0

Leider meldet der IIS 404

Code:

certbot certonly --dry-run --webroot --webroot-path /usr/share/wwwroot -d mail.***.de:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for mail.***.de
Using the webroot path /usr/share/wwwroot for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. mail.exitocom.de (http-01): urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://mail.***.de/.well-known/acme-challenge/dUFZ-FuIQKJJ5UacrtshHY1rvSazp1PbuWQi517DKuM [***::1]: 404

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: mail.exitocom.de
   Type:   unauthorized
   Detail: Invalid response from
   http://mail.***.de/.well-known/acme-challenge/dUFZ-FuIQKJJ5UacrtshHY1rvSazp1PbuWQi517DKuM
   [***::1]: 404

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

Das bestätigt sich auch:

Code:

touch /usr/share/wwwroot/.well-known/acme-challenge/dUFZ-FuIQKJJ5UacrtshHY1rvSazp1PbuWQi517DKuM
telnet 192.168.99.254 80
Trying 192.168.99.254...
Connected to 192.168.99.254.
Escape character is '^]'.
GET /.well-known/acme-challenge/dUFZ-FuIQKJJ5UacrtshHY1rvSazp1PbuWQi517DKuM HTTP/1.1
HOST: mail.***.de

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/10.0
Date: Sat, 11 Apr 2020 15:01:58 GMT
Content-Length: 0

Der findet die Datei nicht, weil sie keine Dateiendung hat.

wenn ich .html anfüge kommt 200

Code:

touch /usr/share/wwwroot/.well-known/acme-challenge/dUFZ-FuIQKJJ5UacrtshHY1rvSazp1PbuWQi517DKuM.html
telnet 192.168.99.254 80
Trying 192.168.99.254...
Connected to 192.168.99.254.
Escape character is '^]'.
GET /.well-known/acme-challenge/dUFZ-FuIQKJJ5UacrtshHY1rvSazp1PbuWQi517DKuM.html HTTP/1.1
HOST: mail.***.de

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Sat, 11 Apr 2020 17:04:22 GMT
Accept-Ranges: bytes
ETag: W/"58faf23e2310d61:0"
Server: Microsoft-IIS/10.0
Date: Sat, 11 Apr 2020 15:11:32 GMT
Content-Length: 0

Irgendjemand eine Idee?