Set web.config for letsencrypt - Certify with Asp.NET Core and Angular 2 (Javascript-services)

9.2k views Asked by At

I am trying to install letsencrypt certificate with Certify, but I get error, which (I think) has nothing to do with Certify. Problem is how my web.config is configured for handling my Asp.Net Core - Angular2 application.

I didn't configure web.config, Javascript services did. On Certify web page writes at the bottom of page about my problem:

I get the error "Automated checks for extensionless content failed.." This means your web server configuration is not allowing files with no extension to be served to site visitors. Unfortunately this is a requirement of the Lets Encrypt service in order for it to fetch the verification file which is automatically created within your site when you request a certificate (more info).

To help with this requirement we try to automatically configure this for you. If you look in {your site}.well-known\acme-challenge you will see we have created a web.config and a file called configcheck. If you can't browse to this configcheck file in your web browser (http://{your site}/.well-known/acme-challenge/configcheck then the Lets Encrypt service can't access the files it needs either. You can edit the web.config file in this folder to get extensionless files working, then you can re-request your certificate. A mimeMap entry for either "." or ".*" usually works depending on your operating system version.

Can some expert please help me correct my web.config file that will support whatever letsencrypt needs. Currently anything inside .well-known/acme-challenge is not accessible via WebBrowser.

My web.config:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <handlers>
      <add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified"/>
    </handlers>
    <aspNetCore processPath="%LAUNCHER_PATH%" arguments="%LAUNCHER_ARGS%" stdoutLogEnabled="true" stdoutLogFile=".\logs\stdout" forwardWindowsAuthToken="false"/>
    <rewrite>
      <rules>
        <rule name="redirect" stopProcessing="true">
          <match url="^$" />
          <action type="Rewrite" url="/index.html" />
        </rule>
        <rule name="Angular 2 pushState routing" stopProcessing="true">
          <match url=".*" />
          <conditions logicalGrouping="MatchAll">
            <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
            <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
            <add input="{REQUEST_FILENAME}" pattern=".*\.[\d\w]+$" negate="true" />
            <add input="{REQUEST_URI}" pattern="^/(api)" negate="true" />
            <add input="{REQUEST_URI}" pattern="^/(.well-known)" negate="true"/>
            <add input="{REQUEST_URI}" pattern="^/(signin)" negate="true" />
          </conditions>
          <action type="Rewrite" url="/index.html" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>

Thank you.
Screenshot of error

3

There are 3 answers

0
Paul0515 On

The problem I ran into with the default web.config in the acme-challenge folder was that the applicationhost.config contained:

<section name="handlers" overrideModeDefault="Deny" />

The handlers section in the acme-challenge web.config therefore was not allowed with the result that the challenge failed. In this case the solutions were: Change applicationhost.config line to:

<section name="handlers" overrideModeDefault="Allow" />

Or ... Remove the handlers setting from the web.config in acme-challenge folder.

0
Farshid On

In my case, the problem was I forgot to remove App_Offline.htm while issuing the request. After removing it, the problem disappeared.

0
Eric On

Put this in the .\.well-known\acme-challenge\Web.Config file just next to the Lets Encrypt DNS verification file(s). No need to change the Web.Config you already have. All it does it tell IIS to cough up files without extension in the directory where this Web.Config resides with mime type text/plain as Lets Encrypt expects that.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <staticContent>
            <mimeMap fileExtension="." mimeType="text/plain" />
        </staticContent>
        <handlers>
            <clear />
            <add name="StaticFile" path="*" verb="GET" modules="StaticFileModule" resourceType="Either" />
        </handlers>
    </system.webServer>
</configuration>