Power Platform Community Forum Thread Details

Let's Encrypt ACME HTTP-01 challenge?

Is there a way to satisfy an ACME HTTP-01 certificate validation challenge with a power pages site, such one would have to do using Let's Encrypt? The DNS challenge is not an option, in my case, so it would have to be HTTP-01.

I have not made a lot of power pages yet, but I see that the page names can only include letters, numbers, and hyphens. At the end of the day, the challenge is really just "serve this one little file", but I don't think this platform will let you establish a URL path like "/.well-known/acme-challenge/" in front of the file's name.

Challenge Types - Let's Encrypt

Does power pages effectively make you have to pay for a TLS certificate, if you can't do the DNS validation?

Categories:

General

@Jakczxcv

ou're absolutely right in identifying the challenge: Let's Encrypt's HTTP-01 challenge requires serving a specific file at a very specific path — /.well-known/acme-challenge/{token} — and Power Pages doesn't natively allow arbitrary file paths or folders like .well-known.

✅ What Power Pages allows:

Pages with names using letters, numbers, and hyphens.
No direct access to the file system or ability to serve static files from arbitrary paths.
No built-in support for custom routing like /.well-known/....

❌ Why HTTP-01 is problematic:

The HTTP-01 challenge requires:

Serving a file at http://yourdomain/.well-known/acme-challenge/{token}
The file must be accessible publicly and exactly at that path.

Power Pages doesn't currently support:

Creating a page or endpoint at .well-known/acme-challenge/
Uploading static files to be served from arbitrary paths

🛠️ Workarounds (limited or not ideal):

Reverse Proxy: If you're using a custom domain with Power Pages and have control over DNS and a reverse proxy (e.g., Azure Front Door, Cloudflare, or NGINX), you could:
- Terminate TLS at the proxy
- Handle the HTTP-01 challenge at the proxy level
- Forward other traffic to Power Pages
Use a different web service temporarily: Spin up a small web server (e.g., Azure App Service or GitHub Pages) just to serve the challenge file, then:
- Point your domain temporarily to that server
- Complete the challenge
- Switch DNS back to Power Pages
Use a certificate provider that supports email or other validation methods: Some CAs offer alternative validation methods that don’t require DNS or HTTP challenges.

💡 Conclusion:

Yes, Power Pages effectively forces you to use DNS validation or purchase a certificate, unless you can set up a reverse proxy or use a temporary server for HTTP-01. This limitation is common in platforms that abstract away file system and routing control for security and simplicity.

🏷️ Tag me if you have any further questions or if the issue persists.

✅ Click "Accept as Solution" if my post helped resolve your issue—it helps others facing similar problems.

❤️ Give it a Like if you found the approach useful in any way.

Quick Links