Symptoms
Attempting to issue a Let's Encrypt certificate for the example.com domain fails with a generic 403 error:
Status: 403
Detail: Invalid response from http://example.com/.well-known/acme-challenge/WTAKI-FRel8tZZKYyhM2UfzvM9TWk02r4fZ__cjuCkU: -
Opening the token link from the error message in a browser returns the following error:
HTTP Error 500.24 - Internal Server Error
An ASP.NET setting has been detected that does not apply in Integrated managed pipeline mode.
Detailed Error Information:
Module ConfigurationValidationModule
Notification BeginRequest
Handler ExtensionlessUrlHandler-Integrated-4.0
Error code 0x80070032
Cause
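ASP.NET Impersonation is enabled in IIS > server_name > Authentication or in IIS > sites > example.com > Authentication. The acme-challenge application pool runs in Integrated managed pipeline mode, where this setting does not apply, so IIS rejects the request for the challenge token with error 500.24 and Let's Encrypt cannot validate the domain.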
Resolution
Disable ASP.NET Impersonation in IIS:
- Connect to the server via RDP
- Navigate to IIS > server_name > Authentication or IIS > sites > example.com > Authentication
- Right-click the ASP.NET Impersonation setting and select Disable
If the impersonation setting cannot be disabled because the website's configuration depends on it, change the pipeline mode for the acme-challenge application pool instead:
- Connect to the server via RDP
- Navigate to IIS > Application Pools > acme-challenge > Basic Settings
- Switch Managed pipeline mode to "Classic"
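The same check and fix can be scripted from an elevated PowerShell session on the server. This is an added example, not part of the original article; the site and pool names are the ones used above, and the $keepImpersonation switch is a hypothetical variable that selects between the two resolutions.

```powershell
Import-Module WebAdministration   # installed with the IIS management tools

$site = 'example.com'        # site name used in this article
$pool = 'acme-challenge'     # application pool named in this article
$keepImpersonation = $false  # hypothetical switch: $true if the site must keep impersonation

$sitePath = "IIS:\Sites\$site"
$poolPath = "IIS:\AppPools\$pool"

# ASP.NET Impersonation is stored as <system.web><identity impersonate="true" />.
# Reading it at site level returns the effective value, including a value
# inherited from the server level.
$imp  = (Get-WebConfigurationProperty -PSPath $sitePath `
            -Filter 'system.web/identity' -Name 'impersonate').Value
$mode = (Get-Item $poolPath).managedPipelineMode
"Before: impersonate=$imp; $pool pipeline mode=$mode"

if (-not $imp) {
    'ASP.NET Impersonation is not enabled for this site; nothing to change.'
}
elseif (-not $keepImpersonation) {
    # First resolution: disable impersonation. Writing the value at site level
    # overrides a server-level setting for this site only.
    Set-WebConfigurationProperty -PSPath $sitePath `
        -Filter 'system.web/identity' -Name 'impersonate' -Value $false
}
else {
    # Second resolution: leave impersonation on and switch only the
    # acme-challenge pool to the Classic pipeline.
    Set-ItemProperty -Path $poolPath -Name managedPipelineMode -Value Classic
}

# Confirm the resulting state before re-issuing the certificate.
$imp  = (Get-WebConfigurationProperty -PSPath $sitePath `
            -Filter 'system.web/identity' -Name 'impersonate').Value
$mode = (Get-Item $poolPath).managedPipelineMode
"After:  impersonate=$imp; $pool pipeline mode=$mode"
```

Reissue the certificate once the "After" line shows either impersonate=False or a Classic pipeline mode for the pool.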