Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

something wrong with %systemdrive% #114

Closed
postmaster11 opened this issue Mar 18, 2016 · 9 comments
Closed

something wrong with %systemdrive% #114

postmaster11 opened this issue Mar 18, 2016 · 9 comments

Comments

@postmaster11
Copy link

I'm pretty new to certify and I'm glad that somebody works on a Windows-solution.
I setup my website an am now able to browse the testfile. Therefore I had to move the content of a folder named %systemdrive% from the Certify-Programdirectory to my wwwroot. This is the issue I want to describe: something seems to go wrong with the %systemdrive% variable: whenever I request a new certificate, the mentioned folder is created inside the certify-directory containing the folderstructure ".well-known\acme-challenge" and the verification file. So finally my verification-file is located in "C:\Program Files (x86)\Certify%SystemDrive%\inetpub\wwwroot.well-known\acme-challenge" and not in "C:\inetpub\wwwroot.well-known\acme-challenge". Of course it cannot be accessed there and the request fails. Any idea what I did wrong? I tried to delete, uninstall and reinstall everything - unfortunately no change. Thanks a lot for any help!
@bseddon
Copy link
Contributor

bseddon commented Mar 18, 2016

I don't understand the problem you are trying to explain. I think you should include the command or commands you are running so people can see the options you are using.

@postmaster11
Copy link
Author

Hi, thanks for your reply. I thought it could be a little complicated to explain, but I'll try again:

  • installed IIS, created website (with hostheader and SNI activated)
  • installed Certify, run it as administrator
  • added a new contact
  • clicked on "New certificate", my website seems to be found and selected by Certify
  • errormessage "Automated checks for extensionless content failed.." appears
  • noticed, that I cannot browse to the testfile
  • searched for the corresponding files and found them not in IIS-rootdirectory, but in Certify-Installationpath: "C:\Program Files (x86)\Certify%SystemDrive%\inetpub\wwwroot.well-known\acme-challenge"

-because we all now, that this directory is probably not accessible over IIS, I copied the folder to the IIS-webroot

  • now I can browse to the test-file
  • Certify seems to have an issue by dealing with %SystemDrive% : when it comes to write files to IIS-webroot (programatically specified as %SystemDrive%\inetpub\wwwroot), Certify instead creates a directory called %SystemDrive% in the Certify installation directory and stores the needed files there
  • after that the process tries to find the files by accessing them over the URL what of course is not possible because the files are not in the web-directory but in the Certify-Installationdirectory

I hope I could at least clarify my issue - thanks a lot for your attention.

best regards, Sven

@bseddon
Copy link
Contributor

bseddon commented Mar 19, 2016

I've never heard of Certify. You will need to wait for someone else to respond. You include this message:

errormessage "Automated checks for extensionless content failed.." appears

The Let's Encrypt HTTP validation uses a file without an extension. That is, the LE servers will attempt to access a file in the .well-known/acme-challenge folder that has no extension. By default IIS does not allow access to resources that do not have an extension. To resolve this you need to add a mime type to all sites for which you will create a certificate. The mime type definition will have no extension (just a period) and have a type of 'text/plain'.

@postmaster11
Copy link
Author

:-) Thanks for your answer again! I'm sorry, I found a link on the Certify-Website to github and thought it would be related. It is, but only to the corresponding technologies. Anyway, got it to work right now. Installed Certify to a manually created directory and am now able to request and sign certificates with two clicks. It's an alpha release and I'm hoping that there will be some automation functionality in the near future. So far: nice approach!
The problem regarding accessing files without extensions is handled by Certify's own web-config, dummy-style :-) .
Have a nice weekend, cheers!

@bseddon
Copy link
Contributor

bseddon commented Mar 19, 2016

<<I'm hoping that there will be some automation functionality in the near future>>

You can use the script in this post and call it from a task so its automated.

I put the script together for my own use so I'm able to use ACMESharp but not have to worry about the sequence of tasks. My preference is to use the command line stuff for this type of task so a UI is not obscuring the process. Others prefer to be able to click a button.

@postmaster11
Copy link
Author

Awesome work, man, you made my day! Learned a lot within the last hour - thanks a lot for this and for kicking my ass ;-).

From: bseddon [mailto:notifications@github.com]
Sent: Samstag, 19. März 2016 11:01
To: ebekker/ACMESharp ACMESharp@noreply.github.com
Cc: Sven Ott smo@mx-smarthost.ch
Subject: Re: [ACMESharp] something wrong with %systemdrive% (#114)

<<I'm hoping that there will be some automation functionality in the near future>>

You can use the script in this posthttps://github.com//issues/76#issuecomment-174705344 and call it from a task so its automated.

I put the script together for my own use so I'm able to use ACMESharp but not have to worry about the sequence of tasks. My preference is to use the command line stuff for this type of task so a UI is not obscuring the process. Others prefer to be able to click a button.


You are receiving this because you authored the thread.
Reply to this email directly or view it on GitHubhttps://github.com//issues/114#issuecomment-198677816

@ebekker
Copy link
Owner

ebekker commented Mar 26, 2016

Certify is a GUI app that @webprofusion-chrisc developed and first announced in this ticket. I believe his GUI is a front-end for the ACMESharp PowerShell module (versus just calls to the ACMESharp client library like some other projects), or at least it was when it was first announced.

Unfortunately, he doesn't provide a way to give feedback on his site, and I don't think it's open source, much less developed on GitHub, so not sure how you can give feedback directly to him.

It looks like you got past your original issue, and it's not something directly related to ACMESharp anyway, so I'll close this issue for now, reopen if you want to discuss more.

@ebekker ebekker closed this as completed Mar 26, 2016
@webprofusion-chrisc
Copy link
Contributor

Hey guys, sorry I didn't see this bug report. Certify is not yet open source (but will be, the code is a little messy as yet). Issues/feedback can be sent to apps@webprofusion.com this particular issues sounds like a glitch reading the iis mappings for the default website. Most of my testing has been with multi-site installations.

@webprofusion-chrisc
Copy link
Contributor

Just as a follow up, the issue with expanding the %SystemDrive% variable has been fixed and the source code for Certify is now on github (warts and all): https://github.com/webprofusion/Certify

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@bseddon @webprofusion-chrisc @ebekker @postmaster11