在Wordpress或ASP.NET MVC上的Letsencrypt Acme挑战 [英] Letsencrypt acme-challenge on wordpress or asp.net mvc
问题描述
我一直在尝试使用Let's Encrypt为我的公司生成安全证书,但没有成功.我的公司将WordPress 3.9.7用于其主要网站,并且我不允许升级到较新的版本,因为这是由第三方公司处理的. 该网站在Windows Server 2008 R2的Internet Information Services 7.5之上运行. 我的问题是:如何使wordpress句柄 http://www.company. com/.well-known/acme-challenge/mftvrU2brecAXB76BsLEqW_SL_srdG3oqTQTzR5KHeA ? 我已经创建了一个新的空页面和一个新模板,该模板返回的正是我们希望加密的内容,但是wordpress一直为该页面返回404.我的猜测是问题出在路由开头的点(.)(.众所周知"),但我不知道如何在wordpress上解决该问题.
I have been trying without success to generate security certificates for my company using Let's Encrypt. My company uses WordPress 3.9.7 for its main website and I am not allow to upgrade to a newer version since that is handled by a third party company. The website is running on top of Internet Information Services 7.5 on Windows Server 2008 R2. My question is: How can I make wordpress handle http://www.company.com/.well-known/acme-challenge/mftvrU2brecAXB76BsLEqW_SL_srdG3oqTQTzR5KHeA ? I have already created a new empty page and a new template that returns exactly what let's encrypt is expecting but wordpress keeps returning a 404 for that page. My guess is that the problem arise with the dot(.) at the beginning of the route (".well-known") but I don't know how to solve that on wordpress.
我还可以使用asp.net mvc网站并使IIS指向该网站一段时间.不过,这不是一个好主意,因为客户可能无法在几分钟内访问我们的网站,但这仍然是一个选择.然后的问题是:如何在名称的开头创建带点(.")的控制器或路由? 帮助将不胜感激.
I am also able to use an asp.net mvc website and make IIS point to that website for a while. Not a good idea though since clients may not be able to reach our website for a few minutes, but still an option. Then the question is: How can I create a controller or a route with a dot(".") at the beginning of the name? Help will be really appreciated.
推荐答案
对于具有某些路由配置的ASP.Net MVC或Web窗体,您最终会将这个URL视为路由引擎传递给该URL的东西. MVC/表单处理程序,而不是静态文件返回.结果将是404或503.解决方案非常简单:
For ASP.Net MVC or Web Forms, with certain Routing configs, you'll end up treating this URL as something for the Routing Engine to hand off to the MVC/Forms Handler, not a static file return. The result will be a 404 or a 503. The solution is surprisingly very simple:
如果还没有的话,放置挑战文件:
If you haven't already, place the Challenge file:
- 创建必要的目录-
.well-known很难主要是因为Microsoft懒惰,但是您可以从cmdline或将文件夹创建为.well-known.和 Windows资源管理器会注意到该变通办法并为您删除尾随时间段. - 在
\.well-known\acme-challenge里面放置质询文件,并带有正确的名称和内容.您可以按照自己喜欢的任何方式进行此部分操作;我碰巧像echo "oo0acontents" > abcdefilename一样使用Git Bash
- Create the necessary dirs -
.well-knownis tricky mostly because Microsoft is lazy, but you can either do it from cmdline or create the folder as.well-known.and Windows Explorer will notice the workaround and remove the trailing period for you. - Inside
\.well-known\acme-challengeplace the challenge file with the proper name and contents. You can go about this part any way you like; I happen to use Git Bash likeecho "oo0acontents" > abcdefilename
然后在acme-challenge目录中创建一个Web.Config文件,其中包含以下内容:
Then make a Web.Config file in the acme-challenge dir with these contents:
<?xml version = "1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<staticContent>
<clear />
<mimeMap fileExtension = ".*" mimeType="text/json" />
</staticContent>
<handlers>
<clear />
<add name="StaticFile" path="*" verb="*" modules="StaticFileModule,DefaultDocumentModule"
resourceType="Either" requireAccess="Read" />
</handlers>
</system.webServer>
</configuration>
来源: https://github.com/Lone-Coder /letsencrypt-win-simple/issues/37
完成.该文件将开始返回,而不是返回404/503,以允许挑战完成-您现在可以提交并验证您的域.
Done. The file will start returning instead of 404/503 allowing the Challenge to complete - you can now Submit and get your domain validated.
此外:上面的代码片段将content-type设置为json,这是与letencrypt不再相关的历史要求.当前的要求是没有要求-您可以发送内容类型的无裤子/大象,它仍然可以正常工作.
Aside: The above code snippet sets the content-type to json, a historical requirement that is no longer relevant to letsencrypt. The current requirement is there is no requirement - you can send a content-type of pantsless/elephants and it'll still work.
这篇关于在Wordpress或ASP.NET MVC上的Letsencrypt Acme挑战的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
