path with a dot in web.config <location>

I had a similar problem where I had a ASP.NET Forms site that was forcing authentication on all pages.

To expand on the accepted answer, here is the exact web.config I put in the /.well-known folder (NOT the /.well-known/acme-challenge folder):

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <!-- This will stop any redirects you have at the higher level -->
    <httpRedirect enabled="false" />

    <!-- This will stop any integrated mode settings you have at the higher level -->
    <validation validateIntegratedModeConfiguration="false"/>
  </system.webServer>

  <!-- This will allow unauthenticated users to acme-challenge subfolder -->
  <location path="acme-challenge">
    <system.web>
      <authorization>
        <allow users="*"/>
      </authorization>
    </system.web>
  </location>
</configuration>

After adding this file, I was able to use EcdsaAcmeNet to use Lets Encrypt with the site in IIS.


As suggested by Ondrej Svedjdar in comments, the solution is so simple I didn't think about it.

Just add another web.config file in the folder where you need it.