ASP.Net应用程序干扰远程主机让我们加密(通过Plesk)安装? [英] ASP.Net application interfering with remote host Let's Encrypt (via Plesk) installation?
问题描述
因此,要安装Let的加密SSL证书,我会前往我的Plesk帐户,选择一个域或子域,然后点击Let's Encrypt,然后我只有一个字段可以放入一个电子邮件地址,还有一个要安装的按钮。 / p>
要安装,我们加密会向我的网站发送HTTP请求:
GET /.well-known/acme-challenge/n9cD8Lpv-woEU73NhCUdFyqOYMc5hrANF_byoiaYrZc - HTTP / 1.1
如果我通过Plesk创建一个新的站点并安装证书,那么GET请求就会得到一个很好的200响应并且SSL证书安装得很好。
但是,我有一个没有安装SSL的沙盒,然后我将一个ASP.NetCore应用程序部署到沙箱进行分段,然后尝试安装SSL证书。运行ASP.NetCore应用程序时,当Let's Encrypt发送该GET请求时,会导致404错误并且安装失败。
有没有人碰到这个?我需要配置什么?它是MVC路由还是AngularJS(~1.5)路由干扰?
我在任何地方都看不到/.well-known/*目录,我我不确定它是否隐藏,但我无法达到它,所以我怎么知道要配置什么,如果我需要在路由中配置一些东西以允许 GET /.well-known/ acme-challenge / * ?
远程主机技术支持无济于事。他们告诉我要等72个小时,因为我试过很多次而且我只是被锁定了(我不是)
这是实际的Plesk错误消息
让我们加密SSL证书安装失败:质询标记为无效。详细信息:来自http://my-domain.net/.well-known/acme-challenge/AJsMc3HXiOZRGaFVsMR3uZEdYu1moJ2Po62t3e6uV10 [my-ip]的响应无效:404
我很确定我可以通过删除我的网站,安装SSL证书而不是再次上传来解决这个问题,但我想知道实际发生了什么,如果我能正确处理它
AFTERTHOUGHT
让加密是一项为期30天的自动续订服务。如果我的ASP.NET应用程序阻止安装,那么它也会阻止自动续订,所以我必须每30天删除一次我的网站并重新部署,这是不可接受的!
已解决
以下是此特定情况的解决方案。
还有其他可行的方法,当然,此解决方案仅适用于IIS Web服务器。
快速做搜索产生了这个小宝石
这似乎与您的特定问题相符。
要获得证书,让我们加密请验证您是否通过
在您的服务器上请求文件来拥有该域。在这种情况下,该文件不是
可访问的(状态404)。让我们了解发生了什么。
IIS获取请求,并找到关联的网站。然后
按顺序执行处理程序,直到发送响应为止。 ASP.NET Core
处理程序是第一个处理请求的人。
挑战文件位于.well-known / ...文件夹中,但是默认
ASP.NET Core仅提供位于文件夹wwwroot=>的文件,因此,
a 404响应发送给客户端。 ASP.NET Core处理了
请求;因此,不会调用IIS静态文件处理程序。
作为一种变通方法,您可以向上移动StaticFile处理程序,但您的
网站可能无法正常工作正如所料。更好的解决方案是指示您的ASP.NET核心网站
发送位于
.well-known目录中的文件。
这可以通过注册来实现:
public void Configure(IApplicationBuilder app,IHostingEnvironment env){
//...other configs
app.UseStaticFiles(); // wwwroot
app.UseStaticFiles(new StaticFileOptions
{
FileProvider = new PhysicalFileProvider(Path.Combine(Directory.GetCurrentDirectory(),@。众所周知的)),
RequestPath = new PathString(/。熟知),
ServeUnknownFileTypes = true //提供无扩展名文件
});
//...other配置
app.UseMvc();
}
这基本上是通过核心路径调用虚拟路径来获取物理路径并将文件内容提供给调用者。现在应该允许验证域,并让证书请求流程完成以及自动续订。
查看文章及其建议的解决方法,因为似乎没有太多额外的步骤。
So, to install Let's Encrypt SSL cert, I head over to my Plesk account, pick a domain or subdomain and click on Let's Encrypt then I only have a field to put in an email address, and a button to install.
To install, Let's Encrypt sends my site an HTTP request:
GET /.well-known/acme-challenge/n9cD8Lpv-woEU73NhCUdFyqOYMc5hrANF_byoiaYrZc - HTTP/1.1
If I create a fresh 'site' through Plesk, and install the cert, that GET request get's a nice 200 response and the SSL cert installs fine.
However, I had a 'sandbox' with no SSL installed, I then deployed an ASP.NetCore app to the 'sandbox' for staging and then tried to install the SSL certs. With an ASP.NetCore application running, when Let's Encrypt sends that GET request, it results in a 404 error and the installation fails.
Has anyone run into this? What do I need to configure? Is it MVC routes or maybe the AngularJS (~1.5) routes that is interfering?
I don't see a /.well-known/* directory anywhere, I'm not sure if it is hidden, but I can't get to it, so how would I know WHAT to configure, IF I needed to configure something in routes to allow the GET /.well-known/acme-challenge/*?
The remote host tech support is of no help. They told me to wait 72 hours because I tried to many times and I'm just locked out (which I'm not)
Here is the actual Plesk error message
Let's Encrypt SSL certificate installation failed: Challenge marked as invalid. Details: Invalid response from http://my-domain.net/.well-known/acme-challenge/AJsMc3HXiOZRGaFVsMR3uZEdYu1moJ2Po62t3e6uV10 [my-ip]: 404
I'm fairly sure I could 'work around' this by just deleting my site, installing the SSL certificate than uploading again, but I would like to know what is actually going on, and if I can handle it properly.
AFTERTHOUGHT
Let's Encrypt is a 30 day auto-renewing service. If my ASP.NET application is blocking the installation, then it will also block the automatic renewal, so I would have to remove my site every 30 days and re-deploy, unacceptable!
SOLVED Here is the solution to this very specific scenario.
There are other work around's that will work, and of course this solution only works on IIS web servers.
ASPNetCore MVC Routing Let Server Handle Specific Route
Doing a quick search yielded this little gem
Using Let’s encrypt with ASP.NET Core
Which seems to match your particular problem.
To get a certificate, let’s encrypt verify that you own the domain by requesting a file on your server. In this case, the file is not accessible (status 404). Let’s understand what happened.
IIS get the request, and find the associated web site. Then it executes handlers in order until one send the response. ASP.NET Core handler is the first to handle the request.
The challenge file is in the folder ".well-known/…", but by default ASP.NET Core serves only files located in the folder "wwwroot" => so, a 404 response is send to the client. ASP.NET Core has handled the request; therefore, the IIS Static file handler is not called.
As a workaround, you can move up the "StaticFile" handler, but your website may not work as expected. A better solution is to instruct your ASP.NET Core website to send the file located in the directory ".well-known".
This is possible by registering it:
public void Configure(IApplicationBuilder app, IHostingEnvironment env) {
//...other configs
app.UseStaticFiles(); // wwwroot
app.UseStaticFiles(new StaticFileOptions
{
FileProvider = new PhysicalFileProvider(Path.Combine(Directory.GetCurrentDirectory(), @".well-known")),
RequestPath = new PathString("/.well-known"),
ServeUnknownFileTypes = true // serve extensionless file
});
//...other configs
app.UseMvc();
}
This basically routes the call for the virtual path through core which grabs the physical path and provides the file content to the caller. This should now allow for the domain to be verified and let the certificate request process flow to completion as well as automatic renewals.
Check out the article and its suggested workaround as there don't seem to be too many additional steps involved.
这篇关于ASP.Net应用程序干扰远程主机让我们加密(通过Plesk)安装?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
