0 Comments

I am using https://github.com/Lone-Coder/letsencrypt-win-simple for a while now and moved to 1.9.5.1 today. It has a great new feature. Updating my webapplications was done by changing the path in IIS

For instance: C:/www/website1/20170918 had a newer version in C:/www/website1/20170919 So I just changed the path in IIS and could revert back to the older version in seconds. The Let’s Encrypt application got confused by this, because it stored the path in the registry. The latest version checks the IIS meta database for the current path, which is really nice for me.

But back on topic: The Asp.Net forms auth can be an issue. When the Let’s Encrypt tries to reach the .well-know dir, it get’s a redirect to the configured login page.

I tried to fix this by excluding the well-known dir in my web.config but that broke my web applciation (error 500)

I have also tried to escape the . (dot)

<location path=".well-known">
     <system.web>
       <authorization>
         <allow users="*" />
       </authorization>
     </system.web>
   </location>

Like this:

<location path="\.well-known">
     <system.web>
       <authorization>
         <allow users="*" />
       </authorization>
     </system.web>
   </location>

But that also gave me the 500 error. So The only workaround I could think of was to temporarily comment out some lines:

<authentication mode="Forms">
       <forms name=".ASPXAUTH" loginUrl="Login.aspx" protection="All" path="/" timeout="120" defaultUrl="Index.aspx" slidingExpiration="true" />
     </authentication>
     <authorization>
       <deny users="?" />
       <allow users="*" />
     </authorization>

And ran the letsencrypt.exe follow the wizard, and uncomment the part again and save the web.config. Please contact me if you have a better or more permanent solution by mail or tweet.

Good luck!

Pin on pinterest Plus on Googleplus Post on LinkedIn
0 Comments

I have finished migrating from an “old” virtual private server (VPS) running Windows Server 2008 to a server running 2012 r2 which includes IIS 8.5

At this time the 1.9.1 is the latest https://github.com/Lone-Coder/letsencrypt-win-simple/releases

After extracting the zip you need to move the content to a permanent folder from where you can keep running the Automated Certificate Management Environment (ACME) which can renew the certificates

 

image

If you run it as admin, it will ask you for your e-mail. It will stay private, it’s just to notify if a renewal failed.

Will you agree on https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf

next is a list, not of the websites but the bindings. Mine was rather big (100 entries) and contained multiple pages. After the bindings there are more options:

image

 

After selecting a “website” number you can specify the user which will be used to run the renewal process.

The last step is to make an entry in your calendar to verify that the renewal succeeded.

I have also installed Certify to view the certificates http://certify.webprofusion.com/ 

I used version Alpha V0.9.85

All that was left was to test the website with https and if it succeeds, make an IIS redirect to route all traffic to the https version:

image

image

Good luck and enjoy the free SSL certificates!

Pin on pinterest Plus on Googleplus Post on LinkedIn