path with a dot in web.config <location>
I had a similar problem where I had a ASP.NET Forms site that was forcing authentication on all pages.
To expand on the accepted answer, here is the exact web.config I put in the /.well-known
folder (NOT the /.well-known/acme-challenge
folder):
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<!-- This will stop any redirects you have at the higher level -->
<httpRedirect enabled="false" />
<!-- This will stop any integrated mode settings you have at the higher level -->
<validation validateIntegratedModeConfiguration="false"/>
</system.webServer>
<!-- This will allow unauthenticated users to acme-challenge subfolder -->
<location path="acme-challenge">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
</configuration>
After adding this file, I was able to use EcdsaAcmeNet to use Lets Encrypt with the site in IIS.
As suggested by Ondrej Svedjdar in comments, the solution is so simple I didn't think about it.
Just add another web.config file in the folder where you need it.