Problem with LetsEncrypt and SmarterMail 16
Question asked by Eddie Seasholtz - July 5, 2017 at 2:59 AM
Answered
I'm trying to set up Let'sEncrypt-win-simple with SmarterMail 16. SmarterMail 16 is using IIS on a Windows Server 2012 R2 server.
 
So I run the letsencrypt program and it creates the .well-known/acme-challenge folder under the MRS folder like I would expect, and it drops the challenge file in it like it's supposed to. However, the LetsEncrypt server can't read the file.
 
So I start looking around and I find that every subfolder and file that I create inside the MRS folder for SmarterMail generates a prompt for a login and gives a 401 error if I try to access it via browser. And if I put in a valid SmarterMail login when prompted, it accepts the credentials and gives a bad request error.
 
For the life of me, I have not been able to figure out where SmarterMail is intercepting the site in IIS and using SmarterMail to authenticate for the folder that Let'sEncrypt creates. If I drop a test file in the ./interface/ folder, the file can be read just fine using the anonymous IIS access.
 
Anyone have any thoughts on where I'm not looking in the right place to make the letsencrypt challenge file accessible from the outside?
 
Thanks,
 
Eddie
 

6 Replies

0
Matt Petty Replied
Employee Post
Make sure the new folders are given the right permissions. I've included a couple links for reference.

https://stackoverflow.com/questions/11162430/401-unauthorized-on-a-directory
Could also try looking at the accepted answer on this post as well.
 
Let me know if these don't work; maybe there is something else that can be done.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
5
How about baking Let's Encrypt right into SmarterMail, just like ClamAV, SpamAssassin, etc.?  This would make it easier for admins to get it working without all the technical issues.
 
3
I found that this was related to the SMWebDAVModule

If you disable the module / remove it from web.config then you'll be able to generate that .well-known and finish the challenge.

I decided to write a script that switches between 2 instances on IIS. The script stops an IIS instance of "SmarterMail" and starts the "SMRenewal" instance. Both have the same bindings. It then runs the letsencrypt --renew script that will add the necessary encrypted files that can then be queried over port 80 from letsencrypt's server. After authenticating the files, the instance "SMRenewal" is stopped and "SmarterMail" is started again. It does take down the mail server but only for about 30 seconds.

Hope this helps.
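
A sketch of the site-swap renewal described in the post above, added here as an example; it is not the poster's script and not SmarterTools code. The site names "SmarterMail" and "SMRenewal" come from the post; the letsencrypt.exe path, the hostname and the probe file name are assumptions to replace with your own values.

```powershell
#Requires -RunAsAdministrator
# Added example: swap IIS sites around a letsencrypt-win-simple renewal.
Import-Module WebAdministration
$ErrorActionPreference = 'Stop'

$MailSite    = 'SmarterMail'       # production site (name from the post)
$RenewalSite = 'SMRenewal'         # same bindings, without SMWebDAVModule (name from the post)
$LeExe       = 'C:\Tools\letsencrypt-win-simple\letsencrypt.exe'  # assumed install path
$ProbeHost   = 'mail.example.com'  # placeholder: the hostname on the certificate

Stop-Website -Name $MailSite
try {
    Start-Website -Name $RenewalSite

    # Pre-check: confirm the challenge folder is served anonymously over port 80
    # before the Let's Encrypt server tries it. A 401 here makes Invoke-WebRequest throw.
    $root = [Environment]::ExpandEnvironmentVariables(
        (Get-Item "IIS:\Sites\$RenewalSite").physicalPath)
    $challengeDir = Join-Path $root '.well-known\acme-challenge'
    New-Item -ItemType Directory -Path $challengeDir -Force | Out-Null
    $probe = Join-Path $challengeDir 'probe.txt'   # hypothetical probe file
    Set-Content -Path $probe -Value 'ok'
    try {
        $url  = "http://$ProbeHost/.well-known/acme-challenge/probe.txt"
        $resp = Invoke-WebRequest -Uri $url -UseBasicParsing
        if ($resp.StatusCode -ne 200) { throw "Probe returned $($resp.StatusCode)" }
    }
    finally {
        Remove-Item -Path $probe -Force -ErrorAction SilentlyContinue
    }

    # Run the renewal while the challenge path is reachable.
    & $LeExe --renew
    if ($LASTEXITCODE -ne 0) { throw "letsencrypt exited with code $LASTEXITCODE" }
}
finally {
    # Always bring the mail site back, even if the probe or the renewal failed.
    Stop-Website  -Name $RenewalSite -ErrorAction SilentlyContinue
    Start-Website -Name $MailSite
}
```

The `finally` block is the part that matters operationally: a failed renewal should never leave the mail site stopped.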
2
Matt Petty Replied
Employee Post
Hello, I will add an exception into our WebDAV handler to allow that URL to pass through it. This will at least allow the use of LetsEncrypt without having to affect server uptime and can be performed while it's running.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
1
Alex, I wanted to come back and say THANK YOU! That was right on point and was exactly the info I needed to get let's encrypt working. It was definitely the SMWebDAVModule that was intercepting it. I REALLY appreciate it! Thank you again!
0
Has anyone tested if the Let's Encrypt certs would work for IMAP, POP, SMTP and the like?

Christopher
