ASP.NET application interferes with the remote host's Let's Encrypt (via Plesk) installation?

So, to install an SSL certificate for SSL encryption, I go to my Plesk account, select a domain or subdomain and click Let's Encrypt; then I only have an email field and a button to install.

To install, Let's Encrypt sends my site an HTTP request:

GET /.well-known/acme-challenge/n9cD8Lpv-woEU73NhCUdFyqOYMc5hrANF_byoiaYrZc - HTTP/1.1

If I create a new "site" through Plesk and install the certificate, this GET request gets a good 200 response and the SSL certificate installs fine.

However, I had a sandbox with no SSL installed, then I deployed a sandboxed ASP.NET Core application for staging, and then tried to install SSL certificates. With the ASP.NET Core application running, when Let's Encrypt sends this GET request, it results in a 404 error and the installation fails.

Has anyone come across this? What do I need to customize? Are these MVC routes or maybe AngularJS routes (~ 1.5) that get in the way?

I can't see the /.well-known/* directory anywhere. I'm not sure if it's hidden, but I can't get to it, so how would I know WHAT to configure, IF I need to configure something in the routes, to resolve GET /.well-known/acme-challenge/*?

Remote host technical support is not required. They told me to wait 72 hours because I tried many times and I just got locked (which I don't know)

Here is the Plesk error message

Let Encrypt SSL certificate installation failed: Challenge marked as invalid. Details: Invalid response from http://my-domain.net/.well-known/acme-challenge/AJsMc3HXiOZRGaFVsMR3uZEdYu1moJ2Po62t3e6uV10 [my-ip]: 404

I'm sure I can "work around" this simply by deleting my site, installing an SSL certificate, rather than downloading it again, but I would like to know what's really going on and if I can handle it correctly.

AFTER ELIMINATION

Let's Encrypt has a 30-day auto-renewal. If my ASP.NET application blocks installation, it also blocks automatic updates, so having to delete my site every 30 days and redeploy is unacceptable!

solvable Here is a solution to this very specific scenario.

Other works will work and of course this solution only works on IIS web servers.

ASPNetCore MVC Routing Allows the server to handle a specific route

+3


1 answer


Doing a quick search gave this little gem

Using Lets encrypt with ASP.NET core

Which is similar to your specific problem.

To get a certificate, Let's Encrypt makes sure you own the domain by requesting a file on your server. In this case, the file is not available (status 404). Let's understand what happened.

IIS receives the request and finds the associated website. The handlers are then executed until a response is sent. The ASP.NET Core handler processes the request first.

The challenge file is located in the ".well-known/..." folder, but by default ASP.NET Core only serves files located in the "wwwroot" folder, so a 404 response is sent to the client. ASP.NET Core processed the request; therefore the IIS StaticFile handler is not called.

As a workaround, you can move the "StaticFile" handler, but your site may not work as expected. The best solution is to instruct your ASP.NET Core website to serve files located in the ".well-known" directory.

This is possible by registering it:



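// Namespaces needed at the top of Startup.cs
using System.IO;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.FileProviders;

public void Configure(IApplicationBuilder app, IHostingEnvironment env) {
    //...other configs

    app.UseStaticFiles(); // wwwroot

    // Also serve the ".well-known" folder from the application's current directory.
    // Registered before UseMvc() so a matching file is served before MVC routing runs.
    app.UseStaticFiles(new StaticFileOptions
    {
        FileProvider = new PhysicalFileProvider(Path.Combine(Directory.GetCurrentDirectory(), @".well-known")),
        RequestPath = new PathString("/.well-known"),
        ServeUnknownFileTypes = true // serve extensionless file; applies to this provider only
    });

    //...other configs

    app.UseMvc();
}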

This basically routes the virtual path call through the kernel, which grabs the physical path and provides the contents of the file to the caller. This should now allow the domain to be verified and complete the certificate request process as well as automatic renewal.

Review the article and its suggested solution, as there don't seem to be too many additional steps.

+3
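
A narrower variant of the registration in the answer above, as an added example that is not part of the original answer or the linked article: instead of exposing all of ".well-known" with unknown file types enabled, it answers only GET requests for a single challenge token and rejects anything that is not a bare base64url token before building a file path. `UseAcmeChallenge` is a hypothetical helper name, and the location of the challenge files (".well-known/acme-challenge" under the content root) is an assumption about where the ACME client writes them.

```csharp
using System.IO;
using System.Text.RegularExpressions;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;

public static class AcmeChallengeExtensions
{
    // ACME HTTP-01 tokens are base64url: letters, digits, '-' and '_' only.
    // \z (not $) so a trailing newline decoded from the URL cannot slip through.
    private static readonly Regex Token =
        new Regex(@"^[A-Za-z0-9_-]+\z", RegexOptions.Compiled);

    // Hypothetical helper: call app.UseAcmeChallenge(env) in Configure() before app.UseMvc().
    // IHostingEnvironment matches the page's code; newer versions use IWebHostEnvironment.
    public static IApplicationBuilder UseAcmeChallenge(
        this IApplicationBuilder app, IHostingEnvironment env)
    {
        // Assumption: the ACME client writes challenge files under the content root.
        var challengeDir = Path.Combine(env.ContentRootPath, ".well-known", "acme-challenge");

        // Map() branches only for this prefix; all other requests continue
        // down the normal pipeline (static files, MVC routes, SPA fallback).
        return app.Map("/.well-known/acme-challenge", branch => branch.Run(async context =>
        {
            // Inside the branch, Path is the remainder after the prefix: "/<token>".
            var token = (context.Request.Path.Value ?? string.Empty).TrimStart('/');

            // Empty values, nested paths, dots and encoded separators all fail
            // the token check, so they never reach Path.Combine.
            if (!HttpMethods.IsGet(context.Request.Method) || !Token.IsMatch(token))
            {
                context.Response.StatusCode = StatusCodes.Status404NotFound;
                return;
            }

            var file = Path.Combine(challengeDir, token);
            if (!File.Exists(file))
            {
                context.Response.StatusCode = StatusCodes.Status404NotFound;
                return;
            }

            context.Response.ContentType = "text/plain";
            await context.Response.SendFileAsync(file);
        }));
    }
}
```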

