Seafile, IIS and Let's Encrypt


#1

Hey guys!

I have been looking for a long time for a proper solution to update the Let’s Encrypt certificate of my Seafile Cloud.

I configured IIS as in this description: https://www.weavweb.net/2015/06/07/seafile-https-sync-on-windows-server-2012r2-step-by-step/

Every time I try to update the certificate, the Cert-Client (Certify the Web Client) gives me the error “Config checks failed to verify http://cloud.jotoma.de is both publicly accessible and can serve extensionless files e.g. http://cloud.jotoma.de/.well-known/acme-challenge/configcheck”. I’ve already tried many combinations to fix this issue but nothing helped (Challenge: http-01). The challenge tls-sni-01 also gives me an error.

I also searched the web but found nothing about it.

I would really appreciate it if someone could help me, please!


#2

Hi @Johnnii360

I don’t use Seafile Cloud. But if you use IIS, you have to add to or change your configuration file so that files without an extension are handled.

In your root directory, there may be a web.config file. Add something like

<configuration>
    <system.webServer>
        <staticContent>
            <mimeMap fileExtension="." mimeType="text/plain" />
        </staticContent>
    </system.webServer>
</configuration>

or only the staticContent part in your existing system.webServer element.

Then files like

https://cloud.jotoma.de/.well-known/acme-challenge/configcheck

should work.


#3

Hi @JuergenAuer!

Thank you for your reply.

The issue is that, based on the config, IIS is routing all traffic to Seafile.

Here is the .webconfig: https://pastebin.com/CZicbQiD

So it needs a rule that avoids all other rules if .well-known/acme-challenge/ is in the URL. I tried to add one with the pattern .well-known/acme-challenge/(.*) and rewrite to http://127.0.0.1:80/.well-known/acme-challenge/{R:1} but it doesn’t work. I also disabled the HTTPS redirect rule but nothing here either.


#4

What rule did you create?

You don’t need a redirect, a rule with

<action type="None" />

should be enough.


#5

I’ve created this rule:

<rule name="Let's Encrypt" stopProcessing="true">
    <match url=".well-known/acme-challenge/(.*)" />
    <action type="Rewrite" url="http://127.0.0.1:80/.well-known/acme-challenge/{R:1}" logRewrittenUrl="true" />
</rule>


#6

You are already on your local server, port 80 - so this rule shouldn’t have an effect. So <action type="None"/> should do the same.

Did you create

<mimeMap fileExtension="." mimeType="text/plain" />

Add two files in /.well-known/acme-challenge:

abcd.txt and 1234, so you can test that the file with extension and without extension works.

https://cloud.jotoma.de/.well-known/acme-challenge/configcheck

doesn’t work, but should work.


#7

I’ve added the mimeMap but afterwards the server reported a misconfiguration.

But I fixed it now by myself. 🙂
I’ve added the following condition to all 3 rules:

<add input="{REQUEST_URI}" pattern=".well-known/acme-challenge/" negate="true" />
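
The following is an added example, not part of any post in this thread and not the poster's actual web.config (which is only linked on pastebin). It sketches how the negated condition from post #7 and the mimeMap from post #2 fit together in one file, so that only the ACME challenge path bypasses the catch-all rules. The rule names, the backend address 127.0.0.1:8000 and the anchored, dot-escaped form of the pattern are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Hypothetical HTTPS redirect rule (name and action are assumptions). -->
        <rule name="Redirect to HTTPS" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{HTTPS}" pattern="^OFF$" />
            <!-- Condition from post #7, anchored to the start of the URI and
                 with the dot escaped so that only this exact path is exempt. -->
            <add input="{REQUEST_URI}" pattern="^/\.well-known/acme-challenge/" negate="true" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
        </rule>

        <!-- Hypothetical catch-all reverse-proxy rule to the Seafile backend.
             The backend address is a placeholder; proxying needs ARR enabled. -->
        <rule name="Seafile proxy" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <!-- Same exemption: challenge requests fall through to the
                 static file handler instead of being sent to Seafile. -->
            <add input="{REQUEST_URI}" pattern="^/\.well-known/acme-challenge/" negate="true" />
          </conditions>
          <action type="Rewrite" url="http://127.0.0.1:8000/{R:1}" />
        </rule>
      </rules>
    </rewrite>

    <staticContent>
      <!-- Remove any "." mapping inherited from a parent level first;
           a duplicate mimeMap entry is a configuration error in IIS. -->
      <remove fileExtension="." />
      <!-- Serve extensionless challenge files as plain text (post #2). -->
      <mimeMap fileExtension="." mimeType="text/plain" />
    </staticContent>
  </system.webServer>
</configuration>
```

Keeping the exemption anchored to `/.well-known/acme-challenge/` limits what is served outside the proxy and the HTTPS redirect to the challenge files alone; the two test files from post #6 (abcd.txt and 1234) can be used to confirm it.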