Articles in this section

Unable to issue a Let's Encrypt certificate: an ASP.NET setting has been detected that does not apply in Integrated managed pipeline mode

Vincent Lauton
Updated
Plesk for Windows kb: technical ext: le

Applicable to:

  • Plesk for Windows

Symptoms

  • Attempting to issue a Let's Encrypt certificate for example.com domain fails with a generic 403 error:

    PLESK_ERROR: Status: 403
    Detail: Invalid response from http://example.com/.well-known/acme-challenge/WTAKI-FRel8tZZKYyhM2UfzvM9TWk02r4fZ__cjuCkU:

  • Accessing the token link from the error message via browser results in the following error:

    CONFIG_TEXT: HTTP Error 500.24 - Internal Server Error
    An ASP.NET setting has been detected that does not apply in Integrated managed pipeline mode.
    Detailed Error Information:
    Module ConfigurationValidationModule
    Notification BeginRequest
    Handler ExtensionlessUrlHandler-Integrated-4.0
    Error code 0x80070032

Cause

ASP.Net Impersonation is enabled in IIS > server_name > Authentication or in IIS > sites > example.com > Authentication.

This can also be confirmed by checking the %plesk_vhosts%example.com\httpdocs\web.config file - the following line will be present:

CONFIG_TEXT: <system.web>
...
<identity impersonate="true" />
</system.web>

Resolution

Disable ASP.Net Impersonation in IIS:

  1. Connect to the server via RDP
  2. Navigate to IIS > server_name > Authentication or IIS > sites > example.com > Authentication
  3. Right-click the ASP.Net Impersonation setting and select Disable

If it is not possible to disable the impersonation settings due to specific website configuration, change the pipeline mode for the acme-challenge application pool:

  1. Connect to the server via RDP
  2. Navigate to IIS > Applications pools > acme-challenge > Basic Settings
  3. Switch Managed pipeline mode to "Classic"
Was this article helpful?

Comments

0 comments

Please sign in to leave a comment.