FTP(S)
Upload verification files via FTP(S)
Plugin type | HTTP validation | |
---|---|---|
Download | Built-in | |
Compatibility | All platforms |
Description
This plugin uploads the validation challenge to a (secure) FTP server.
web.config
Optionally this plugin can place a web.config
next to the validation file, to
help IIS properly serve the response. There are many reasons
why IIS can fail to properly serve the file. Some of them can be fixed this way. In interactive
mode the program will ask you if you want to do this. In unattended mode you can request
it using the command line. The web.config that will be copied lives in the root of the program
directory with the name web_config.xml
. You can modify it to fit your needs, e.g. for MVC
sites you might need the following:
<configuration>
<system.webServer>
<staticContent>
<clear/>
<mimeMap fileExtension = ".*" mimeType="text/json" />
</staticContent>
<handlers>
<clear />
<add name="StaticFile"
path="*"
verb="*"
type=""
modules="StaticFileModule,
DefaultDocumentModule,
DirectoryListingModule"
scriptProcessor=""
resourceType="Either"
requireAccess="Read"
allowPathInfo="false"
preCondition=""
responseBufferLimit="4194304" />
</handlers>
</system.webServer>
</configuration>
Or to disable URL Rewriting you might need to add this (in the beginning, right after <clear />
).
<rule name="LetsEncrypt Rule" stopProcessing="true">
<match url="^\.well-known.*$" />
<action type="None" />
</rule>
Let us know if you could use a similar feature for uploading an .htaccess
!
Microsoft TLS vs. GnuTLS
If you experience connection issues when running simple-acme on Windows while connecting to a Unix FTPS server, using the GnuTLS library instead of Microsofts native TLS might solve the problem. This page by the FluentFTP project explains the reasons behind and limitations of this method.
Using this requires:
- A change in
settings.config
,Validation.Ftp.UseGnuTls
should be set totrue
. - The pluggable x64 release of simple-acme (it is not available for x86 or ARM due to limitations of the upstream package, and also doesn’t work on the trimmed build)
- Download and extract the additonal build artifact gnutls.v2.3.0.1826.x64.zip for the current release (or find older versions on GitHub).
Command line
--validation ftp |
Activates the plugin | |
---|---|---|
‑‑username |
Username for remote server | |
‑‑password |
Password for remote server
You may pass the secret in plain text, but can also use a reference to the secret vault like |
|
‑‑webroot |
Root path of the site that will serve the HTTP validation requests. | |
‑‑manualtargetisiis |
Copy default web.config to the .well-known directory. |
Examples
Typical | --validation ftp ‑‑webroot ftps://ftp.example.com:990/path/ ‑‑username simpleacme ‑‑password ***** |
---|
JSON
ID | bc27d719-dcf2-41ff-bf08-54db7ea49c48 |
---|
Settings
Validation.CleanupFolders |
If set to true , the program will automatically delete file it created after HTTP validation is complete. It will also cleanup the ./well-known/acme-challenge folder, if (and only if) there are no other files present.
Type: boolean Default: true
|
|
---|---|---|
Validation.Ftp.UseGnuTls |
If you experience connection issues with Unix FTPS servers, using the GnuTLS library instead of Microsofts native TLS implementation might solve the problem. This page by the FluentFTP project explains the reasons behind and limitations of this method.
Note that it's not enough to merely change this setting, check the documentation of the FTP plugin for more details. Default: false
|
Looking for win-acme?
simple-acme is a backwards compatible, drop-in replacement built by the same person. Project history.