Using LetsEncrypt with Orchard CMS

I wanted to move an Orchard CMS site onto https, without paying £$. LetsEncrypt seemed the obvious solution.

This is not the place to talk about how to use LetsEncrypt, but if you have a web server with only one external IP running multiple sites, you have to get certificates for them all at the same time. Suffice it to say that one site on our server was proving stubborn: my Orchard CMS site https://www.patranchell.info/ or rather, as it was then, http://www.patranchell.info/

LetsEncrypt's validation process includes creating some special files in a known location within the website and checking they can be accessed in that location from the internet, but this was failing because by default Orchard CMS will not serve up static files, and certainly not extensionless static files. The solution turned out to be pretty simple changes to my web.config (after some trial and error!) shown as insertions below:

        <handlers accessPolicy="Script,Read">
            <!-- Clear all handlers, prevents executing code file extensions or returning any file contents. -->
            <clear />
            <!-- Inserted: let the static file module serve the LetsEncrypt challenge files -->
            <add name="LetsEncrypt" path=".well-known/acme-challenge/*" verb="*" modules="StaticFileModule" preCondition="integratedMode" resourceType="File" requireAccess="Read" />

Once this had taken effect, the LetsEncrypt tool was able to validate and convert my site, automatically adding the https binding. But my site still wouldn't load under https. Hhmpphh.
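
A pre-flight check for the web.config change above, as an added example that is not part of the original post: it drops an extensionless test file into .well-known/acme-challenge/ and fetches it over plain http, which is what the validation step needs to succeed. The site path and host name are placeholders to replace with your own.

```powershell
param(
    [string]$SiteRoot = 'C:\inetpub\wwwroot\MySite',   # placeholder: physical path of the site
    [string]$HostName = 'www.example.com'              # placeholder: public host name of the site
)

$dir   = Join-Path $SiteRoot '.well-known\acme-challenge'
$token = 'preflight-' + [guid]::NewGuid().ToString('N')   # extensionless, like a real challenge file
$want  = [guid]::NewGuid().ToString('N')                  # random body to compare against
$file  = Join-Path $dir $token
$url   = "http://$HostName/.well-known/acme-challenge/$token"

# Create the challenge folder if needed and write the test file without BOM or newline.
New-Item -ItemType Directory -Path $dir -Force | Out-Null
[System.IO.File]::WriteAllText($file, $want, [System.Text.Encoding]::ASCII)

try {
    $resp = Invoke-WebRequest -Uri $url -UseBasicParsing -ErrorAction Stop

    # Windows PowerShell returns byte[] when the content type is not text.
    $got = if ($resp.Content -is [byte[]]) {
        [System.Text.Encoding]::ASCII.GetString($resp.Content)
    } else {
        [string]$resp.Content
    }

    if ($got.Trim() -eq $want) {
        Write-Output "OK: $url served the test file (HTTP $($resp.StatusCode))."
    } else {
        # A success status with other content means something other than
        # the static file handler answered the request.
        Write-Warning "MISMATCH: $url returned HTTP $($resp.StatusCode) but not the file content."
    }
}
catch {
    # 404 and similar errors land here: the file is on disk but is not being served.
    Write-Warning "FAILED: $url -> $($_.Exception.Message)"
}
finally {
    # Always remove the test file so nothing is left in the public folder.
    Remove-Item -LiteralPath $file -Force -ErrorAction SilentlyContinue
}
```

Run it once before the change and once after; only an OK result means the challenge files are reachable.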

I then had to install a new Orchard module (I'm running v1.9.2 btw) called "Secure Sockets Layer". And then I had to visit the settings for this module:

[Image: Orchard SSL settings link]

and set the following (note that most of these settings only appear after ticking the first box):

[Image: Orchard SSL settings]

The result... free https encryption, which should auto-renew for ever! Amber Rudd will be upset!

Comments

Peter
Monday, April 10, 2017 12:59:09 PM

Ohh thanks mate! I was struggling for a few days trying to get around this. I thought it was authorisation issues but finally I found this page. Makes sense now :D Thanks

Pontus
Sunday, April 23, 2017 7:50:34 PM

Which version of IIS are you running on? I tried this on IIS 10 (Windows Server 2016) but no luck, the extensionless files are still not served.

Sunday, April 23, 2017 8:12:51 PM

@Pontus I was using IIS7.5, sorry to hear this doesn't work for you but I don't have a Server 2016 to try it out on yet.

Pontus
Sunday, April 23, 2017 9:43:11 PM

@Crispin I tried on a site without asp.net and there it worked. Maybe it's something with the asp.net itself. I'm thinking about using a module instead to serve the file. Not the most elegant solution but it works in my initial testing.

edwardm
Tuesday, August 15, 2017 5:00:32 PM

This solution was EXACTLY what I was looking for. Thanks! On our server, I used Certify: https://certify.webprofusion.com/, to manage the SSL from Lets Encrypt.

Robert
Wednesday, September 19, 2018 8:17:13 PM

Don't forget to remove any duplicate mappings for static content. E.g. this is a no-go in conjunction with the above code.

<staticContent>
   <mimeMap fileExtension="." mimeType="text/plain" />
</staticContent>