Currently I redirect all HTTP (port 80) traffic back to HTTPS traffic. When I need to renew my Let's Encrypt certificates I change my firewall rule for port 80 to point to an IIS server that I use to renew my SSL certs. While this has worked well, it is annoying as heck (not difficult) to have to do. I started thinking about ways I could modify my load balancer rules to send traffic with /.well-known/acme-challenge/ to the IIS server while all other port 80 traffic gets redirected to 443. Any suggestions would be appreciated.
Joshua Gibson
So I figured it out.
I created a port 80 rule with two SubVSs. The first SubVS had a weight of 1100, with Not Available Redirection Handling error code set to 302 and the Redirect URL set to https://%h%s. The second SubVS has a weight of 1000 and has the IIS server I use to create my Let's Encrypt certs set as the real server. Next I created a Content rule based on section 6.8 of the Content Rules guide. Rule name is Lets_Encrypt, Rule Type is Content Matching, Match Type is Regular Expression, Header Field is left blank, Matching String is /^\/.well-known/ and Ignore Case is checked. Next I enabled Content Switching at the VS. I then added all my Content rules for my domains to the first SubVS so they will be redirected to HTTPS, then I added the Lets_Encrypt Content Rule to the second SubVS.
The end result is that now when I go to http://outlook.domain.com I get redirected to https://outlook.domain.com, but if I go to http://outlook.domain.com/.well-known/acme-challenge the request gets passed to my IIS server that handles the certificate creation.
Please feel free to use this to create a guide for others.
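The routing decision the answer builds with two SubVSs and a content rule, as an added example that is not part of the thread and not Kemp's own code: a small Python function that applies the ACME content rule to a request and either forwards it to the challenge backend or emulates the 302 to https://%h%s (Host header plus original URI). The backend name is a constructed placeholder. It also includes the rule exactly as posted (/^\/.well-known/) beside a stricter version, because the unescaped dot in the posted pattern matches any character and the rule therefore also catches paths such as /xwell-known/, which a reviewer would want to be aware of before reusing it.

```python
import re
from typing import Tuple

# Constructed placeholder for the IIS host that answers ACME challenges (assumption).
ACME_BACKEND = "iis-acme.internal:80"

# The content rule as posted, with "Ignore Case" checked. The '.' is unescaped,
# so it matches any single character, not only a literal dot.
ACME_RULE_AS_POSTED = re.compile(r"^\/.well-known/", re.IGNORECASE)

# Tighter form (editor's suggestion): literal dot, and only the ACME challenge prefix.
ACME_RULE_STRICT = re.compile(r"^/\.well-known/acme-challenge/", re.IGNORECASE)


def route(host: str, uri: str, rule: re.Pattern = ACME_RULE_STRICT) -> Tuple[str, str]:
    """Decide what the port-80 virtual service does with one request.

    Returns ("forward", backend) when the request URI matches the ACME content
    rule (the SubVS holding the IIS real server), otherwise ("redirect", location)
    emulating the 302 to https://%h%s, where %h is the Host header and %s the
    original request URI.
    """
    if rule.search(uri):
        return ("forward", ACME_BACKEND)
    return ("redirect", f"https://{host}{uri}")


if __name__ == "__main__":
    # Constructed sample requests: (Host header, request URI).
    samples = [
        ("outlook.domain.com", "/owa/"),
        ("outlook.domain.com", "/.well-known/acme-challenge/abc123"),
        ("outlook.domain.com", "/xwell-known/foo"),
    ]
    for host, uri in samples:
        print(f"{host}{uri}: posted rule -> {route(host, uri, ACME_RULE_AS_POSTED)},"
              f" strict rule -> {route(host, uri, ACME_RULE_STRICT)}")
```

Running the script shows the two rules agreeing on ordinary paths and on real ACME challenge paths, and disagreeing only on the lookalike path, which is the case the stricter pattern exists to exclude.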