Let's Encrypt with ASP.Net Core and Azure App Service

1
votes

I have a Runbook in Azure that uses AcmeSharp to generate Let's Encrypt certificates for a website running in Azure App Services. I have used it many times successfully on many ASP.Net sites. Apparently I've never tried it on an ASP.Net Core (2.2) site until now.

I'm pretty sure I was running into the problem described in this blog post - https://ronaldwildenberg.com/letsencrypt-for-asp-net-core-on-azure. Basically, the script publishes a static file to /.wellknown/acme-challenge/randomstring/index.html in my site and then Let's Encrypt tries to verify that file. I'm getting a 404 when trying to hit this URL even though I can see it in the file system in Kudu.

I felt like this was a static file issue in ASP.Net Core and when I found the blog post referred to above - I thought that was going to be the answer. I changed my code as prescribed in the article, but I'm still getting the 404.

Slightly different than the article, instead of files with long random strings of characters like in the article screenshot, my script generates a string like that but creates a folder with that name. Inside each folder is one file (named index.html) that contains the validation info Let's Encrypt is looking for. You can see this at http://www.technicality.online/.well-known/acme-challenge/

You can see the folders are browsable and if you click one, you can see the link to index.html. The problem is - if you click index.html, you get a 404. I've put this in my Startup.Configure:

           var rootPath = Path.GetFullPath(".");
           var acmeChallengePath =
               Path.Combine(rootPath, @".well-known\acme-challenge");

           app.UseDirectoryBrowser(new DirectoryBrowserOptions
           {
               FileProvider = new PhysicalFileProvider(acmeChallengePath),
               RequestPath = new PathString("/.well-known/acme-challenge"),
           });

           app.UseStaticFiles(new StaticFileOptions
           {
               ServeUnknownFileTypes = true
           });

(I don't think I need the ServeUnknownFileTypes since my file is index.html, as opposed to the long random string in the blog post, but I don't think this should hurt anything either.)

I thought maybe the issue was that the file didn't contain valid html (just a string of characters), but I put another file that did contain valid html and I get a 404 when clicking that one as well.

Is there some other ASP.Net Core (or Azure App Service) detail I'm missing to make the application serve up the index.html files?

1
asp.net-coreazure-web-app-servicelets-encrypt
Is it ok running locally?Ivan Yang
I'm embarrassed to admit I hadn't tried it locally. I was so caught up with the Azure hosting & automation issues that I didn't try that. As soon as I did, that pointed me in the right direction. I'm going to post findings in answer. Thanks @ivan-yang.jefftrotman
I know it's not what you asked, but in the past I found the Let's Encrypt extension for AppServices to be very easy to use.Claudiu Guiman

1 Answers

1
votes

I figured this out and am posting the answer to hopefully keep someone else from making the same mistake I did. The issue wasn't at all what I thought it was, but rather - there are two "wwwroot" folders in an ASP.Net Core Azure App Service hosting environment and I wasn't paying close enough attention.

The file system path where Azure hosts your application is D:\home\site\wwwroot. In a "classic" ASP.Net scenario, your static files go in that folder. In an ASP.Net Core scenario, another wwwroot folder is created underneath that one. My script (written for ASP.Net) was creating the ".well-known\acme-challenge" folder beneath the first one. The standard app.UseStaticFiles() doesn't help with those.

Basically, I had:

-home

--site

---wwwroot (hosting root)

----wwwroot (ASP.Net core static files folder)

----.well-known (this was a sibling of the 2nd wwwroot and needed to be a child)

I needed to change my script to put my static files under the 2nd wwwroot so that the app.UseStaticFiles() would serve those files.