Sign in Register
Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Scott Faulkner 3 posts 73 karma points
    Jan 15, 2021 @ 19:24
    Scott Faulkner
    0

    Umbraco 8 + appservice-acmebot Let's Encrypt

    Has anyone integrated Umbraco 8+ with appservice-acmebot (https://github.com/shibayan/appservice-acmebot) to automate the issuance and renewal of certificates through Let's Encrypt? Just not able to get it working while keeping the site and backoffice working, too. The problem is that Umbraco always intercepts the call to http://domain/.well-known/... Have set both Umbraco.Core.ReservedUrls and Umbraco.Core.ReservedPaths to various combinations of ~/.well-known, ~/.well-known/, ~/.well-known/acme-challenge, ~/.well-known/acme-challenge/ with no luck. It's as if those settings are not actually implemented within Umbraco.

    Copy Link
  • Bo Jacobsen 607 posts 2405 karma points
    Jan 15, 2021 @ 21:24
    Bo Jacobsen
    0

    Hi Scott.

    You need a rewrite rule like

    <rule name="Allow LetsEncrypt" patternSyntax="Wildcard" stopProcessing="true">
     <match url=".well-known/*" />
      <action type="None" />
</rule>
    Copy Link
  • Scott Faulkner 3 posts 73 karma points
    Jan 15, 2021 @ 21:50
    Scott Faulkner
    0

    Forgot to mention that I tried that, too. Still handled by Umbraco.

    Copy Link
  • Bo Jacobsen 607 posts 2405 karma points
    Jan 16, 2021 @ 10:39
    Bo Jacobsen
    2

    You might have to set the reservedUrls and put a web.config inside the .well-known folder.

    When i am back om work on monday, i will post what we do to make it work.

    Copy Link
  • Ilyas Balgabekov 21 posts 132 karma points
    Jan 18, 2021 @ 04:51
    Ilyas Balgabekov
    0

    Hello, Scott. I'm just adding that in my web.config.

    <appSettings>
    <add key="umbracoReservedPaths" value="~/umbraco,~/install/,~/.well-known" />
</appSettings>
    Copy Link
  • Bo Jacobsen 607 posts 2405 karma points
    Jan 18, 2021 @ 09:53
    Bo Jacobsen
    0

    Hi Scott.

    We do this to be 100% sure that it works. (You might not need it all)

    web.config

      <appSettings>
    <add key="Umbraco.Core.ReservedPaths" value="~/.well-known" />
  </appSettings>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- This have to be the first rule -->
        <rule name="Allow SSL renewal" patternSyntax="Wildcard" stopProcessing="true">
          <match url=".well-known/acme-challenge/*" />
          <action type="None" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>

    .well-known/web.config

    <?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false"/>
    <handlers>
      <remove name="aspNetCore"/>
    </handlers>
    <rewrite>
      <rules>
        <clear />
        <rule name="AcmeChallenge" stopProcessing="true">
          <match url=".*" />
          <action type="Rewrite" url="{R:0}.txt" appendQueryString="false" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
  <system.web>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</configuration>
    Copy Link
  • Chris Kim 48 posts 254 karma points c-trib
    Aug 02, 2021 @ 23:11
    Chris Kim
    0

    This got me on the right track, but I had to make a few more modifications to the .well-known/web.config to reset some of the system.web and system.webServer config of the Umbraco application. This is what I ended up with:

    <?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <validation validateIntegratedModeConfiguration="false"/>
    <modules runAllManagedModulesForAllRequests="true">
      <remove name="WebDAVModule"/>
      <remove name="UmbracoModule"/>
      <remove name="ScriptModule"/>
      <remove name="ClientDependencyModule"/>
      <remove name="FormsAuthentication"/>
      <remove name="ImageProcessorModule"/>
      <remove name="TelemetryCorrelationHttpModule" />
      <remove name="ApplicationInsightsWebTracking" />
    </modules>
    <handlers>
      <clear />
      <add name="StaticFile" path="*" verb="*" modules="StaticFileModule" resourceType="Either" requireAccess="Read" />
    </handlers>
    <staticContent>
      <remove fileExtension="." />
      <mimeMap fileExtension="." mimeType="text/plain" />
    </staticContent>
    <rewrite>
      <rules>
        <clear />
      </rules>
    </rewrite>
  </system.webServer>
  <system.web>
    <compilation>
      <assemblies>
        <clear />
      </assemblies>
    </compilation>
    <membership defaultProvider="">
      <providers>
        <clear />
      </providers>
    </membership>
    <roleManager enabled="false">
      <providers>
        <clear />
      </providers>
    </roleManager>
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
</configuration>

    Note that you should also upload a file called configured (no extension) to the .well-known folder, to tell acmebot not to overwrite your modified web.config.

    Copy Link
  • Steven 3 posts 93 karma points
    Jun 24, 2021 @ 07:49
    Steven
    0

    Hi,

    for this to work, should the .well-known folder be placed inside the wwwroot folder of the appservice?

    In our setup this folder is placed outside of the wwwroot folder, directly in the site folder.

    In that case would it be possible to add a virtual path?

    Copy Link
  • Scott Faulkner 3 posts 73 karma points
    Jun 24, 2021 @ 12:45
    Scott Faulkner
    0

    I finally gave up because nothing worked consistently. It seems as if Umbraco just ignored the reserved paths and reserved url settings and tried to serve the .well-known path anyway. In the end, I scrapped it altogether. Since we are using Microsoft Azure for hosting, and they've greatly improved their free cert offering, we switched to that. No more hassles.

    Copy Link
Please Sign in or register to post replies

Write your reply to:

Draft