Help with Let's Encrypt auto renewal
#1
I'm trying to see if I can configure "Let's Encrypt" to work with Intraweb.  I'm pretty sure the certificates work fine, but I have problems with the auto renewal that has to run by itself in a scheduled task. I'm using win-acme: https://github.com/PKISharp/win-acme

When trying to obtain a certificate, you run the following command:

Code:
letsencrypt.exe --plugin manual --emailaddress my@email.com --manualhost www.somewebsite.com --webroot D:\myapp\wwwroot --test

After running the command, letsencrypt.exe creates a directory in d:\myapp\wwwroot, something like /.well-known/acme-challenge/ with a temporary file inside (aaabbbccc) that "let's encrypt" needs access to, for verification. 

The problem I'm having is that after I run the letsencrypt.exe command, if I try to open

Code:
http://www.somewebsite.com/.well-known/acme-challenge/aaabbbccc

it won't work; Intraweb doesn't let me have (or at least I don't know how to make it work) a path like that to access a static file.

What's the best way to do this? 

Thanks.
Reply
#2
Hi Ioan, try to put inside wwwroot:

Code:
D:\myapp\wwwroot\.well-known\acme-challenge\aaabbbccc
Reply
#3
(06-18-2018, 08:46 PM)JNPSoftware Wrote: Hi Ioan, try to put inside wwwroot:

Code:
D:\myapp\wwwroot\.well-known\acme-challenge\aaabbbccc

It seems that if I have a file there with a registered mime type (for example .txt), it works fine; if there is no extension (the way letsencrypt.exe makes it), it doesn't work. Can I serve a static file that has no extension?
Reply
#4
In my case I use ISAPI and server directly.
   
Reply
#5
I found a solution and so far works fine:

Code:
procedure TIWServerController.IWServerControllerBaseNewSession(aSession: TIWApplication);
var
  challengeResponse, challengeFileName: string;
begin
  [...] 
  else if ContainsText(WebApplication.Request.PathInfo, '.well-known/acme-challenge') then
  begin
    // for let's encrypt
    challengeFileName := WebApplication.ApplicationPath + 'wwwroot' + WebApplication.Request.PathInfo.Replace('/', '\');
    if TFile.Exists(challengeFileName) then
      challengeResponse := TFile.ReadAllText(challengeFileName)
    else
      challengeResponse := '';
    WebApplication.Response.WriteString(challengeResponse);
    WebApplication.Terminate;
  end;
end;
Reply
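
The handler in post #5 builds the file name directly from the request path. The sketch below is an added example, not code from the thread or from IntraWeb: it accepts only `/.well-known/acme-challenge/<token>` where the token uses the base64url alphabet that ACME challenge tokens are restricted to, so the request path can never resolve outside the challenge directory. `IsValidToken`, `TryReadChallenge` and the 128-character cap are assumptions made for this illustration.

```delphi
program AcmeChallengeDemo;
{$APPTYPE CONSOLE}

uses
  System.SysUtils, System.IOUtils;

const
  // The only URL prefix that HTTP-01 validation requests use.
  ChallengePrefix = '/.well-known/acme-challenge/';

// True when Token is non-empty and contains only base64url characters
// (A-Z, a-z, 0-9, '-', '_'). The length cap is an assumed sanity limit.
function IsValidToken(const Token: string): Boolean;
var
  C: Char;
begin
  Result := (Token <> '') and (Length(Token) <= 128);
  if Result then
    for C in Token do
      if not CharInSet(C, ['A'..'Z', 'a'..'z', '0'..'9', '-', '_']) then
        Exit(False);
end;

// Maps a request path to the challenge file's content. Returns False for
// anything that is not exactly <prefix><token>, so the caller can answer 404.
function TryReadChallenge(const WebRoot, PathInfo: string;
  out Response: string): Boolean;
var
  Token, FileName: string;
begin
  Response := '';
  if not PathInfo.StartsWith(ChallengePrefix) then
    Exit(False);
  Token := PathInfo.Substring(Length(ChallengePrefix));
  if not IsValidToken(Token) then
    Exit(False);  // rejects separators, dots, drive letters, empty tokens
  FileName := TPath.Combine(WebRoot, '.well-known\acme-challenge\' + Token);
  Result := TFile.Exists(FileName);
  if Result then
    Response := TFile.ReadAllText(FileName);
end;

var
  Body: string;
begin
  // Constructed sample requests; D:\myapp\wwwroot is the web root from post #1.
  Writeln(TryReadChallenge('D:\myapp\wwwroot', '/.well-known/acme-challenge/aaabbbccc', Body));
  Writeln(TryReadChallenge('D:\myapp\wwwroot', '/.well-known/acme-challenge/sub/aaabbbccc', Body));
end.
```

In a handler like the one above, the result of `TryReadChallenge` would decide between writing `Response` and returning a 404, instead of concatenating `PathInfo` onto the web root.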
#6
(06-18-2018, 09:58 PM)ioan Wrote: I found a solution and so far works fine:

Code:
procedure TIWServerController.IWServerControllerBaseNewSession(aSession: TIWApplication);
var
  challengeResponse, challengeFileName: string;
begin
  [...] 
  else if ContainsText(WebApplication.Request.PathInfo, '.well-known/acme-challenge') then
  begin
    // for let's encrypt
    challengeFileName := WebApplication.ApplicationPath + 'wwwroot' + WebApplication.Request.PathInfo.Replace('/', '\');
    if TFile.Exists(challengeFileName) then
      challengeResponse := TFile.ReadAllText(challengeFileName)
    else
      challengeResponse := '';
    WebApplication.Response.WriteString(challengeResponse);
    WebApplication.Terminate;
  end;
end;

Hi Ioan,

We had the same issue recently in one of our applications and I'm seriously thinking about adding built-in support for this kind of stuff in IW 15 code base. It will make life much easier :-)

Thanks for sharing your solution
Reply
#7
A built in tool would be great!
Reply
#8
(06-18-2018, 09:58 PM)ioan Wrote: I found a solution and so far works fine:

Code:
procedure TIWServerController.IWServerControllerBaseNewSession(aSession: TIWApplication);
var
  challengeResponse, challengeFileName: string;
begin
  [...] 
  else if ContainsText(WebApplication.Request.PathInfo, '.well-known/acme-challenge') then
  begin
    // for let's encrypt
    challengeFileName := WebApplication.ApplicationPath + 'wwwroot' + WebApplication.Request.PathInfo.Replace('/', '\');
    if TFile.Exists(challengeFileName) then
      challengeResponse := TFile.ReadAllText(challengeFileName)
    else
      challengeResponse := '';
    WebApplication.Response.WriteString(challengeResponse);
    WebApplication.Terminate;
  end;
end;

It seems that the above solution doesn't work with the latest intraweb version. If I try to request http://localhost/.well-known/acme-challenge/aa, the application never gets in IWServerControllerBaseNewSession and returns a "404 not found" error page.
Reply
#9
(06-20-2018, 01:46 AM)Alexandre Machado Wrote:
(06-18-2018, 09:58 PM)ioan Wrote: I found a solution and so far works fine:

Code:
procedure TIWServerController.IWServerControllerBaseNewSession(aSession: TIWApplication);
var
  challengeResponse, challengeFileName: string;
begin
  [...] 
  else if ContainsText(WebApplication.Request.PathInfo, '.well-known/acme-challenge') then
  begin
    // for let's encrypt
    challengeFileName := WebApplication.ApplicationPath + 'wwwroot' + WebApplication.Request.PathInfo.Replace('/', '\');
    if TFile.Exists(challengeFileName) then
      challengeResponse := TFile.ReadAllText(challengeFileName)
    else
      challengeResponse := '';
    WebApplication.Response.WriteString(challengeResponse);
    WebApplication.Terminate;
  end;
end;

Hi Ioan,

We had the same issue recently in one of our applications and I'm seriously thinking about adding built-in support for this kind of stuff in IW 15 code base. It will make life much easier :-)

Thanks for sharing your solution

Alex,

Does iw15.2.10 solve the issue of allowing the Let's Encrypt renewal process to work and find the renewal file under "well-known/acme-challenge/asadfff"?
Reply
#10
(08-01-2020, 03:55 AM)joel Wrote:
(06-20-2018, 01:46 AM)Alexandre Machado Wrote:
(06-18-2018, 09:58 PM)ioan Wrote: I found a solution and so far works fine:

Code:
procedure TIWServerController.IWServerControllerBaseNewSession(aSession: TIWApplication);
var
  challengeResponse, challengeFileName: string;
begin
  [...] 
  else if ContainsText(WebApplication.Request.PathInfo, '.well-known/acme-challenge') then
  begin
    // for let's encrypt
    challengeFileName := WebApplication.ApplicationPath + 'wwwroot' + WebApplication.Request.PathInfo.Replace('/', '\');
    if TFile.Exists(challengeFileName) then
      challengeResponse := TFile.ReadAllText(challengeFileName)
    else
      challengeResponse := '';
    WebApplication.Response.WriteString(challengeResponse);
    WebApplication.Terminate;
  end;
end;

Hi Ioan,

We had the same issue recently in one of our applications and I'm seriously thinking about adding built-in support for this kind of stuff in IW 15 code base. It will make life much easier :-)

Thanks for sharing your solution

Alex,

Does iw15.2.10 solve the issue of allowing the Let's Encrypt renewal process to work and find the renewal file under "well-known/acme-challenge/asadfff"?

I think I found the answer:  https://www.atozed.com/forums/printthread.php?tid=1383
Reply

