Let's Encrypt with AutoACME HTTP challenge intercepted by SmarterMail
Problem reported by Leo Furze-Waddock - February 10 at 11:03 AM
Submitted
Sorry, this system doesn't allow me to post hyperlinks. Perhaps it doesn't understand what the world wide web is. I've had to add [ADD HTTPS] or [ADD HTTP] for you to replace.
 
AutoACME configuration relies on the Application Request Routing Cache proxy and setting a global URL Rewrite for all server requests to all domains i.e. [ADD HTTP]*/.well-known/acme-challenge/*
 
AutoACME configuration: [ADD HTTPS]github.com/ridercz/AutoACME/wiki/Getting-started-with-AutoAcme#configure-web-site-for-handling-of-acme-challenges
 
This works really well for issuing and renewing Let's Encrypt SSL certificates for most sites, including SmarterTrack by SmarterTools. However, I have to shut down the SmarterMail IIS site before running AutoACME, then start it again, because SmarterMail does not respect the global URL Rewrite.
 
[ADD HTTP]www.mysmartermail.co.uk/.well-known/acme-challenge/.
 
redirects to:
 
[ADD HTTPS]www.mysmartermail.co.uk/Interface/errors/404.html?aspxerrorpath=/.well-known/acme-challenge/
 
Related post: [ADD HTTPS]portal.smartertools.com/community/a89271/problem-with-letsencrypt-and-smartermail-16.aspx

5 Replies

0
Matt Petty Replied
Employee Post
What version are you on? This was something we fixed a while ago in SmarterMail 16 and 15.

Version 16.0.6397 (Jul 7, 2017)

  • Fixed: Let's Encrypt http-01 verification challenges are being improperly intercepted by WebDAV.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
1
Leo Furze-Waddock Replied
SmarterMail Enterprise Version - 16.3.6579
 
I assume the difference is you added support for a real physical file, located in the root, but not a 'global' URL rewrite rule as AutoACME uses. 
 
All web requests are proxied by the IIS Application Request Routing module and if a request matches a Let's Encrypt HTTP challenge pattern, IIS URL Rewrite is used to redirect the request to a central local site which hosts a file dynamically generated by AutoACME.
0
Matt Petty Replied
Employee Post
In my testing I was using Certify without issue. When I get some time I can try AutoACME.
0
Scarab Replied
Matt, just to let you know we started having the same problem in the most recent versions of v16 with Letsencrypt-Win-Simple as well, whereas it did work fine as recently as their last renewal in mid-January (checked the date, Jan 19th was the last time it worked).

We only have 10 certs on SM that we do with Letsencrypt so it's not too much of a biggie to manually request them using alternate methods (like DNS) every 60 days, but it would be nice for the automated renewals in IIS to work as intended like they did between July 2017 - Jan 2018.
0
Jashan Chittesh Replied
Yes, I'm with @Scarab - this issue apparently returned, or a similar one was introduced. We are on SmarterMail Enterprise Version - 16.3.6649, and I use the same configuration for all my domains which includes both regular Websites as well as a SmarterMail Web instance.

To make testing easy, I added a text file into the folder that I can access via all the sites I have tested. However, when I go through our Webmail site, I get 404.

Before, while I was still on SmarterMail 12, I got an authentication issue. So it may be a different issue now but I believe it's still appropriate to keep this here instead of opening a new thread.
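
The test-file check described in this thread can be scripted so that an intercepted challenge path is caught before a renewal fails. The sketch below is an added example, not code from the thread, AutoACME or SmarterMail; the host names, the file name `probe.txt`, the marker string and the verdict labels are assumptions, and the sample responses are constructed to mirror the redirect shape quoted in the opening post.

```python
import urllib.error
import urllib.request
from urllib.parse import parse_qs, urlsplit

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"

def classify(status, location, body, expected):
    """Decide who answered a request for a file under the challenge path."""
    if status == 200 and body.strip() == expected:
        return "served"  # the global rewrite reached the central challenge site
    if status in (301, 302, 303, 307, 308) and location:
        parts = urlsplit(location)
        failed = parse_qs(parts.query).get("aspxerrorpath", [""])[0]
        if failed.startswith(CHALLENGE_PREFIX):
            return "intercepted"  # the application answered with its own error page
        if parts.path.startswith(CHALLENGE_PREFIX):
            return "redirected-same-path"  # e.g. http to https, path preserved
        return "redirected-elsewhere"
    return "not-found" if status == 404 else "unexpected"

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 3xx so its Location header can be inspected

def probe(host, filename, expected, timeout=5):
    """Live check (needs network): fetch the test file over plain HTTP."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(f"http://{host}{CHALLENGE_PREFIX}{filename}", timeout=timeout) as r:
            return classify(r.status, None, r.read().decode("utf-8", "replace"), expected)
    except urllib.error.HTTPError as e:
        return classify(e.code, e.headers.get("Location"), "", expected)

# Constructed sample responses (not captured traffic); hosts are placeholders.
EXPECTED = "acme-probe-ok"
SAMPLES = [
    ("www.example.test", 200, None, "acme-probe-ok\n"),
    ("track.example.test", 301, "https://track.example.test/.well-known/acme-challenge/probe.txt", ""),
    ("mail.example.test", 302,
     "https://mail.example.test/Interface/errors/404.html?aspxerrorpath=/.well-known/acme-challenge/probe.txt", ""),
    ("webmail.example.test", 404, None, ""),
]

def audit(samples=SAMPLES, expected=EXPECTED):
    return {host: classify(status, loc, body, expected) for host, status, loc, body in samples}

if __name__ == "__main__":
    for host, verdict in audit().items():
        print(f"{host:22} {verdict}")
```

Running `probe()` against each binding after a mail server upgrade shows whether the challenge path still reaches the central site; any verdict other than `served` or `redirected-same-path` means the automated renewal for that host is likely to fail.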
