Let's Encrypt confirmation on IIS not working - iis

I'm trying to use the Certify SSL Manager to configure SSL certificates from Let's Encrypt on my IIS server, but it fails during the check.
https://dev.mywebsite.com/.well-known/acme-challenge/configcheck/
This works:
https://dev.mywebsite.com/well-known/acme-challenge/configcheck
https://dev.mywebsite.com/.well-known/acme-challenge/test.txt
So I assumed it's the . before well-known. But the fact that test.txt works confuses me.
I've already configured the directory according to this discussion:
https://github.com/ebekker/ACMESharp/issues/15
I have a bunch of rewrite stuff in my web.config, but even if I remove that section completely, it still fails.

Perhaps check if the acme-challenge web.config contains a conflict within the handler section. Do so by opening IIS manager, find the acme-challenge folder en double click the handler mapping icon. In my case, this resulted in an error.
The problem I ran into with the default web.config in the acme-challenge folder was that the applicationhost.config contained:
<section name="handlers" overrideModeDefault="Deny" />
The handlers section in the acme-challenge web.config therefore was not allowed with the result that the challenge failed. In this case the solutions were:
Change applicationhost.config line to:
<section name="handlers" overrideModeDefault="Allow" />
Or ...
Remove the handlers setting from the web.config in acme-challenge folder.
The applicationhost.config can be found here: c:\windows\system32\inetsrv\config

The configcheck url is a file, not a directory. Make sure that file exists on disk (i.e. C:\inetpub\wwwroot\.well-known\acme-challenge\configcheck) in your webroot. Then try to load your links with this barebones web.config in your website root directory (if using ASP.NET):
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<staticContent>
<mimeMap fileExtension="." mimeType="application/unknown" />
</staticContent>
</system.webServer>
</configuration>
If that works, try slowly adding back in your web.config sections including routes/rewrite until you figure out what's causing the problem.
If using ASP.NET Core with a wwwroot folder hosting your static files, you'll have to modify your config in Startup.cs instead:
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
string filepath = Path.Combine(Directory.GetCurrentDirectory(), #"wwwroot/.well-known");
app.UseStaticFiles(new StaticFileOptions()
{
FileProvider = new PhysicalFileProvider(filepath),
RequestPath = new PathString("/.well-known"),
ServeUnknownFileTypes = true
});
// ... your other startup code here
}

I had to modify the web.config as follow to fix the error:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<staticContent>
<mimeMap fileExtension="*" mimeType="text/plain" />
</staticContent>
<handlers>
<clear />
<add name="StaticFile" path="*" verb="*" type=""
modules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule"
scriptProcessor="" resourceType="Either" requireAccess="Read"
allowPathInfo="true" preCondition="" responseBufferLimit="4194304" />
</handlers>
</system.webServer>
</configuration>

Related

Azure Web App Virtual Application, The resource you are looking for has been removed, had its name changed, or is temporarily unavailable

I have an Azure Web Application with Virtual Application configured under the Path mappings section. The virtual path /SP2019resources has the Physical Path as site\wwwroot\SP2019resources.
My Azure DevOps pipeline will upload the contents (SharePoint SPPKG files) to this virtual path. And I have already verified that the contents are there, however whenever I formulate a URL as https://{AzureAppName}/SP2019resources/{PackageName}.SP2019.sppkg and open it in the browser the file is not getting downloaded and always getting an error as "The resource you are looking for has been removed, had its name changed, or is temporarily unavailable.".
Here is the file view from my web app SCM.
Any idea what I am missing here?
After spending some time with this issue, I understood what I am missing. Essentially, you will need a Web.config file in your virtual application folder to handle the requests.
The content of the file can be as follows.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.webServer>
<handlers>
<clear />
<add name="StaticHandler" verb="*" path="*" type="System.Web.StaticFileHandler" />
</handlers>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
After I add this file to the /SP2019resources, the files inside were getting downloaded.

How to load index.asp in IIS 7.5

I have a site/application I would like to load in IIS. The root of the folders contains a web.config and index.asp. The sub folders are asp, scripts, styles, images.
I add Add Web site in IIS, define the physical path to the location of the index.asp, assign the IP address for host name I tried local host, IP, and leaving it blank. When I click on Browse Website I receive a HTTP 500 Internal Server Error. IIS is running and the Web Site is started in the Manage Website menu.
If I write a short index.html hello world page and set it as default document it displays ok. When I change default document back to index.asp I get the 500 error again.
Could someone give me a tip on how to proceed?
Here is my web.config:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<identity impersonate="true" />
</system.web>
<system.webServer>
<defaultDocument>
<files>
<add value="index.asp" />
</files>
</defaultDocument>
</system.webServer>
</configuration>
This is going to be a guess at best, since a 500 can mean anything without a sub-status code. It probably is due to configuration inheritance. index.asp is already in the default list of default documents at the server level. By adding index.asp, it may be causing a unique hey violation when the configuration inheritance is flattened into the effective configuration.
Suggestion:
Add a <clear /> element right above the <add value="index.asp" /> and try again. Otherwise, we will need to go get the sub status code of that 500 to get more information. The IIS log usually contains the sub status in the sc-substatus.
Resulting Configuration
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<identity impersonate="true" />
</system.web>
<system.webServer>
<defaultDocument>
<files>
<clear />
<add value="index.asp" />
</files>
</defaultDocument>
</system.webServer>
</configuration>
If this works, then the reason it originally works with index.html because index.html is not in the default files list.
Additional Note
The other thing I can think of is that impersonation being enabled. If you are running the application pool in Integrated Pipeline mode, you'll need to turn off integrated mode configuration validation. More information can be found here: Integrated Pipeline mode configuration validation.
New Resulting Configuration
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<identity impersonate="true" />
</system.web>
<system.webServer>
<validation validateIntegratedModeConfiguration="False" />
<defaultDocument>
<files>
<clear />
<add value="index.asp" />
</files>
</defaultDocument>
</system.webServer>
</configuration>

Error on trying to configure RavenDB in IIS mode

Following the steps in this tutorial, the first item of "Setting up with IIS 7.5" after clicking on "Modules" in inetmgr, the following error occurs:
Full image: http://i.stack.imgur.com/QCM4s.png
Web.config in RavenDB
<configuration>
<appSettings>
<add key="Raven/DataDir" value="~\Data"/>
<add key="Raven/AnonymousAccess" value="Get"/>
</appSettings>
<system.webServer>
<handlers>
<add name="All" path="*" verb="*" type="Raven.Web.ForwardToRavenRespondersFactory, Raven.Web"/>
</handlers>
<modules runAllManagedModulesForAllRequests="true">
<remove name="WebDAVModule" />
</modules>
</system.webServer>
<runtime>
<loadFromRemoteSources enabled="true"/>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<probing privatePath="Analyzers"/>
</assemblyBinding>
</runtime>
</configuration>
applicationHost.config
http://pastebin.com/UJTJfB9f
Try
For a few attempts, I tried to change
this..
<section name="modules" allowDefinition="MachineToApplication" overrideModeDefault="Deny" />
to this..
<section name="modules" allowDefinition="MachineToApplication" overrideModeDefault="Allow" />
Results
When trying to access "in inetmgr Modules worked!"
However RavenDB Studio does not work.
The following image:
Config Error
This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
Config File
\\?\C:\Users\Riderman\RavenDB-Build-960\Web\web.config
Check your server web.config and change overrideModeDefault from Deny to Allow.
<configSections>
<sectionGroup name="system.webServer">
<section name="handlers" overrideModeDefault="Deny" />
<section name="modules" allowDefinition="MachineToApplication" overrideModeDefault="Deny" />
You can also manage sections on web server level (just select the Server in the left pane) in your IIS management console and then select "Feature Delegation":
As you see in the picture above all the features are Read/Write. Currently on my machine the Modules feature is Read Only, so I'd need to change it to Read/Write - in the right hand pane in Set Feature Delegation just click on Read/Write...

ServiceStack REST service custom path error

I am having trouble configuring my ServiceStack REST service to work on my production IIS 7.5 box. It works fine running localhost, and it also works fine if I deploy in the root of "Default Web Site" - /EmployeeSvc. I have a virtual directory structure under Default Web Site for organizational purposes (note custom path in web.config). I can browse successfully to the default.htm at this location, but when I try to execute the built-in /hello example I receive:
Server Error 404 - File or directory not found.
The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.
Like I said, the built-in /hello example works perfectly from localhost and from a root iis folder under default web site, but not from within a directory structure. What am I doing wrong with the location-path?
Thanks in advance! Here is web.config:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="Employees-NoAuth/WebServices/EmployeeSvc">
<system.web>
<httpHandlers>
<add path="*" type="ServiceStack.WebHost.Endpoints.ServiceStackHttpHandlerFactory, ServiceStack" verb="*" />
</httpHandlers>
</system.web>
<!-- Required for IIS 7.0 -->
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<validation validateIntegratedModeConfiguration="false" />
<handlers>
<add path="*" name="ServiceStack.Factory" type="ServiceStack.WebHost.Endpoints.ServiceStackHttpHandlerFactory, ServiceStack" preCondition="integratedMode" resourceType="Unspecified" allowPathInfo="true" verb="*" />
</handlers>
</system.webServer>
</location>
<system.web>
<customErrors mode="RemoteOnly"/>
<compilation debug="true" targetFramework="4.0" />
</system.web>
</configuration>
I'd try the following:
1. Remove location node from web.config. Move SS configuration out of it.
2. Register base URL path in your class derived from AppHostBase:
public override void Configure(Container container)
{
this.SetConfig(new EndpointHostConfig { ServiceStackHandlerFactoryPath = "base/path" });
}

How to configure static content cache per folder and extension in IIS7?

I would like to set up rules in IIS7 for static content caching in my ASP.NET website.
I have seen these articles, which details how to do it using the <clientCache /> element in web.config:
Client Cache <clientCache> (IIS.NET)
Add Expires or Cache Control Header to static content in IIS (Stack Overflow)
However, this setting appears to apply globally to all static content. Is there a way to do this just for certain directories or extensions?
For example, I may have two directories which need separate cache settings:
/static/images
/content/pdfs
Is it possible to set up rules for sending cache headers (max-age, expires, etc) based on extensions and folder paths?
Please note, I must be able to do this via web.config because I don't have access to the IIS console.
You can set specific cache-headers for a whole folder in either your root web.config:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<!-- Note the use of the 'location' tag to specify which
folder this applies to-->
<location path="images">
<system.webServer>
<staticContent>
<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="00:00:15" />
</staticContent>
</system.webServer>
</location>
</configuration>
Or you can specify these in a web.config file in the content folder:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<staticContent>
<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="00:00:15" />
</staticContent>
</system.webServer>
</configuration>
I'm not aware of a built in mechanism to target specific file types.
You can do it on a per file basis. Use the path attribute to include the filename
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<location path="YourFileNameHere.xml">
<system.webServer>
<staticContent>
<clientCache cacheControlMode="DisableCache" />
</staticContent>
</system.webServer>
</location>
</configuration>
I had the same issue.For me the problem was how to configure a cache limit to images.And i came across this site which gave some insights to the procedure on how the issue can be handled.Hope it will be helpful for you too
Link:[https://varvy.com/pagespeed/cache-control.html]

Resources