Open b9chris opened 8 years ago
On my end the only solution for MVC apps was to rename Global.asax and web.config, perform verification and rename the files to their original names. I've tried various things like virtual directories, some web.config inheritance removal add-ons and nothing helped.
@b9chris, good suggestion, contributions are always welcome!
Haven't had side project time to code this yet, but want to mention a curious related problem.
EFF recommends securing your site with HTTPS, they recommend LetsEncrypt because it's free. They then recommend HSTS, which will lock browsers out that try to visit on HTTP.
LetsEncrypt expires somewhat rapidly, relative to other typical certs (1-3 years). And when you go to rotate it at 60 days, if you don't do so fast enough, the HTTPS cert is expired, HSTS is locking web visits to the site out, and the only way LetsEncrypt knows how to verify the site is over HTTP... so you're just eternally in this unresolved site reference loop.
I periodically have to go kill off HTTPS redirects entirely to get myself out of this loop. But surely this is a problem multiple people are experiencing... thoughts on how to better prevent this trap?
Love the ACMESharp tool, thanks for putting this together!
I think there's an opportunity to expand on the checks/error-reporting in the above error's flow. In my case I was able to put a SAN cert together for 12 sites - perfect for IIS 7.5 and Win Server 2008 R2. But 3 sites refused to validate, each with the above error. Here's what it looks like in action:
Looking at the C#, the error message is saying the simplest thing it can about what happened: The Challenge returned no validated sites.
In my case the cause was a 404 on the .well-known/... file and in another a 503, because of the way those sites happen to be Routed in their MVC configs. It would be helpful to expand the code to check for this (check for the file and check for HTTP error or not), and either provide instructions on fixing it, or just fix it automatically and retry.
I took the manual steps and noticed the above 404/503s. Putting this Web.Config in the acme-challenge dir for each site fixed that:
https://github.com/Lone-Coder/letsencrypt-win-simple/issues/37
Good move? Happy to submit the pull request.
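The pre-flight check proposed in the issue above (request the `.well-known/acme-challenge` file and tell a 404 from a 503 before asking the CA to validate), as an added example that is not ACMESharp's code and not part of the thread. The names `check_challenge`, `run_demo` and `HINTS`, the tokens and the local demo server are all constructed for illustration; the hint texts paraphrase the causes reported in the thread.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

CHALLENGE_DIR = "/.well-known/acme-challenge/"
# Hints are assumptions drawn from the 404/503 causes described in the thread.
HINTS = {404: "challenge file not served: check MVC routing / static file handling",
         503: "service unavailable: check routing and that the site is running"}

def check_challenge(base_url, token, expected_body, timeout=5):
    """Fetch the challenge file over plain HTTP; return (status, diagnosis)."""
    url = base_url.rstrip("/") + CHALLENGE_DIR + token
    # Direct connection: ignore proxy environment variables for the probe.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            status, body = resp.status, resp.read().decode("utf-8", "replace").strip()
    except urllib.error.HTTPError as err:      # 4xx/5xx from the web server
        return err.code, HINTS.get(err.code, "unexpected HTTP error")
    except (urllib.error.URLError, OSError) as err:
        return None, f"no HTTP response: {err}"
    if body != expected_body:
        return status, "served, but body differs from the expected challenge content"
    return status, "ok"

class _DemoSite(BaseHTTPRequestHandler):
    # Constructed stand-in for three sites: healthy, 404 (default) and 503.
    FILES = {CHALLENGE_DIR + "good-token": (200, b"good-token.thumb"),
             CHALLENGE_DIR + "busy-token": (503, b"")}

    def do_GET(self):
        status, body = self.FILES.get(self.path, (404, b""))
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):              # keep the demo quiet
        pass

def run_demo():
    """Run the check against the constructed local server; return all results."""
    server = HTTPServer(("127.0.0.1", 0), _DemoSite)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    try:
        return {t: check_challenge(base, t, t + ".thumb")
                for t in ("good-token", "missing-token", "busy-token")}
    finally:
        server.shutdown()
        server.server_close()
```

Against a real site, `check_challenge` takes the site's `http://` base URL, the token file name and the content written to that file, so each host in a SAN request can be probed before validation is submitted.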