0 Comments

Perhaps it’s because I was still in holiday-mode, but I kept getting a 403 error. Even when I added a `helloworld.html` in the `.well-known` dir. Which was driving me crazy. I even thought it was .net Core 2.x related because all full framework sites were renewing just fine, both MVC and Webform applications.

The answer for my situation was in this comment:

Do you have both http/https binding? http binding is required for it to work.

I did, but I remembered something about forcing to SSL for this website.

I searched my code, but all I could find was commented out:

image

image

So how did I manage to force visitors to the SSL version? I could not remember it. There was also no URL rewriting in the web.config. It was a checkbox in IIS which I forgot that I ever changed that setting! (sorry for the Dutch screenshot of IIS 8.5)

 image

It would be nice if the new version of Let’s Encrypt Win Simple would temporary disable it and afterwards restored it.

Here is the link to the latest version 1.9.6.2


Good luck and best wishes for 2018!

Pin on pinterest Plus on Googleplus Post on LinkedIn
0 Comments

I am using https://github.com/Lone-Coder/letsencrypt-win-simple for a while now and moved to 1.9.5.1 today. It has a great new feature. Updating my webapplications was done by changing the path in IIS

For instance: C:/www/website1/20170918 had a newer version in C:/www/website1/20170919 So I just changed the path in IIS and could revert back to the older version in seconds. The Let’s Encrypt application got confused by this, because it stored the path in the registry. The latest version checks the IIS meta database for the current path, which is really nice for me.

But back on topic: The Asp.Net forms auth can be an issue. When the Let’s Encrypt tries to reach the .well-know dir, it get’s a redirect to the configured login page.

I tried to fix this by excluding the well-known dir in my web.config but that broke my web applciation (error 500)

I have also tried to escape the . (dot)

<location path=".well-known">
     <system.web>
       <authorization>
         <allow users="*" />
       </authorization>
     </system.web>
   </location>

Like this:

<location path="\.well-known">
     <system.web>
       <authorization>
         <allow users="*" />
       </authorization>
     </system.web>
   </location>

But that also gave me the 500 error. So The only workaround I could think of was to temporarily comment out some lines:

<authentication mode="Forms">
       <forms name=".ASPXAUTH" loginUrl="Login.aspx" protection="All" path="/" timeout="120" defaultUrl="Index.aspx" slidingExpiration="true" />
     </authentication>
     <authorization>
       <deny users="?" />
       <allow users="*" />
     </authorization>

And ran the letsencrypt.exe follow the wizard, and uncomment the part again and save the web.config. Please contact me if you have a better or more permanent solution by mail or tweet.

Good luck!

Pin on pinterest Plus on Googleplus Post on LinkedIn
0 Comments

I have finished migrating from an “old” virtual private server (VPS) running Windows Server 2008 to a server running 2012 r2 which includes IIS 8.5

At this time the 1.9.1 is the latest https://github.com/Lone-Coder/letsencrypt-win-simple/releases

After extracting the zip you need to move the content to a permanent folder from where you can keep running the Automated Certificate Management Environment (ACME) which can renew the certificates

 

image

If you run it as admin, it will ask you for your e-mail. It will stay private, it’s just to notify if a renewal failed.

Will you agree on https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf

next is a list, not of the websites but the bindings. Mine was rather big (100 entries) and contained multiple pages. After the bindings there are more options:

image

 

After selecting a “website” number you can specify the user which will be used to run the renewal process.

The last step is to make an entry in your calendar to verify that the renewal succeeded.

I have also installed Certify to view the certificates http://certify.webprofusion.com/ 

I used version Alpha V0.9.85

All that was left was to test the website with https and if it succeeds, make an IIS redirect to route all traffic to the https version:

image

image

Good luck and enjoy the free SSL certificates!

Pin on pinterest Plus on Googleplus Post on LinkedIn
0 Comments
  •   Posted in: 
  • IIS

It has been a while since my last blog. But here is a small snippet to redirect traffic to an other place. I needed it because we have 2 domains on shared hosting. Both containing mail accounts. I could not simply add a hostheader for the 2nd domain, because it would remove all mail accounts. So I used this web.config file:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="Domein doorsturen naar andere website" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTP_HOST}" pattern="^(?:www.)olddomain\.com$" />
          </conditions>
          <action type="Redirect" url="http://www.newdomain.com/{R:1}" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>

 

ps. I used precode from codeplex to insert the xml code in an open live writer post. 0.6.0.0

Pin on pinterest Plus on Googleplus Post on LinkedIn
6 Comments
  •   Posted in: 
  • IIS

For this small article, I assume that you have an Asp.Net web application running on IIS and that you have setup your SSL certificate. So navigating to https://www.yoursite.com works. This blog post will explain how to redirect all http traffic to https in several easy steps.

1. Get the Web Platform Installer (it’s free!) from Microsoft  http://www.microsoft.com/downloads/en/details.aspx?FamilyID=32b0dfe5-f139-4e1c-b412-3da39f50bbf9 

2. After you have opened the WebPI (Web Platform Installer) search for: Rewrite

image

3. Install the component! [more]

4. Open your web.config (I used notepad++ )

5. Merge this into your web.config:

<configuration>    
    <system.webServer>
        <rewrite>
            <rules> 
                <rule name="Force HTTPS" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions>
                        <add input="{HTTPS}" pattern="off" ignoreCase="true" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
                </rule>
            </rules>
        </rewrite>
    </system.webServer>
</configuration>

 

And your done, when you hit save. The IIS will restart if the web.config is modified, so the new rule is now enabled!

kick it on DotNetKicks.com Shout it

Pin on pinterest Plus on Googleplus Post on LinkedIn