Add Let's Encrypt support to base ScreenConnect functionality

  • Archived

With Let's Encrypt now in production, it will be an awesome feature if ScreenConnect would support it straight at install.

You could offer SSL support out of the box for all clients, raising the security of your application and reducing the effort for end users to set it up.

Duplicates 1
Support LetsEncrypt

Partner would like the SC product to support LetsEncrypt on Windows or Linux.

Pinned replies
0
Sean White Team Member
  • Answer

We've always liked to be transparent, so we'll try to be better about adding a brief note when we close issues with a high number of votes in the future.

As a product feature, there wasn't a clean way to implement this specific ask. We discussed it multiple times and determined it wasn't a good fit. Our conversations led to improvements, like the introduction of the security toolkit which simplifies HTTP-HTTPS redirect, but a Let's Encrypt integration would have been very hard to maintain and a hack at best.

When feature requests like this come up, we tend to leave them open hoping that advances by the vendors, new tech, and sometimes team bandwidth will allow for them to be completed in the future. We perform internal check-ins on most of these issues every 3 to 6 months, but sometimes issues get cut to make way for higher priorities.

Recently, we've prioritized advances in the performance of the session manager, relay, and the router to allow for better performance and scalability. We've also been looking at long-time asks that will make the product more human for users, so they discover some of the power user features inside of the product. This of course is outside of the work to stay vigilant in our security posture and squash bugs.


Thank you all for your feedback, it is heard and appreciated.


Sean White

Senior Product Manager


0
maca diamond

NGINX config file... web server working... need to get relay working on port 443 so it will work on more firewalls, as business routers will most likely block port 8041, which is the relay port for ScreenConnect.

# Plain HTTP: forward all hostnames to the ScreenConnect web server on 8040
server {
    listen 80;
    listen [::]:80;
    server_name example.co.uk www.example.co.uk relay.example.co.uk sc.example.co.uk;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://localhost:8040;
        proxy_redirect off;
    }
}

# HTTPS for the web interface: TLS ends at NGINX, backend is 8040
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.co.uk www.example.co.uk sc.example.co.uk;

    ssl_certificate /etc/letsencrypt/live/example.co.uk/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.co.uk/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://localhost:8040;
        proxy_redirect off;
    }
}

# Relay hostname on 443: forwards to the relay port 8041
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name relay.example.co.uk;

    ssl_certificate /etc/letsencrypt/live/example.co.uk/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.co.uk/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://localhost:8041;
        proxy_redirect off;
    }
}

0
Wolfgang

Another vote for Yes, please get Let's Encrypt support into ConnectWise Control ASAP!

0
Alex Heylin

As you're not using a standard web server, support for LE should already be built in. 

0
Zack ⚾️
Quote from Alex Heylin

As you're not using a standard web server, support for LE should already be built in. 

Care to explain?

2
Alex Heylin

ScreenConnect doesn't sit on top of a standard web server (such as Nginx / IIS / Apache) - it implements the web server as its own custom service. As such the standard / known ways of configuring LE for standard servers aren't applicable. That means SC need to take responsibility for building this support in, and I suggest should really have already done this.

0
edl867

Please make this a standard offering. 

0
We Connect IT

Why can't they just use port 443... it just makes it harder for clients and migration to new servers when you have on-prem.

0
We Connect IT

For future reference, here is what I have done.

Step 1: Install ConnectWise Control and see that it's working.

Step 2: Install IIS and Certify the Web. Don't forget to install https://www.iis.net/downloads/microsoft/url-rewrite

Step 3: In IIS, add a new URL rewrite rule.

Template: Blank

I named mine "https redirect".

Input: URL after path /
Matches
Pattern: *

Conditions

Input condition: {HTTPS}
Match the pattern
Pattern: off
Ignore case: yes

Input condition: {REQUEST_URI}
Does Not Match the pattern
Pattern: *.well-known/acme-challenge/*
Ignore case: yes

Action Type: Redirect
Action URL/Redirect URL: https://{HTTP_HOST}{REQUEST_URI}
Append Query String: yes
Redirect type: Found (302)

That takes care of HTTP to HTTPS.

Here is the web.config (IIS 10):

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="HTTPS redirect" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
          <match url="*" />
          <conditions logicalGrouping="MatchAll">
            <add input="{HTTPS}" pattern="off" />
            <add input="{REQUEST_URI}" pattern="*.well-known/acme-challenge/*" negate="true" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Found" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>

Change the WebServerListenUri from 8040 to 443
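
A way to check the rewrite rule from the post above before deploying it, as an added example that is not part of the original post: this Python sketch evaluates the posted rule against constructed requests, using a simplified model of URL Rewrite's Wildcard matching (only `*` is special, matching is case-insensitive), to confirm that plain-HTTP requests get the 302 to HTTPS while the ACME HTTP-01 challenge path is left alone. The function names and the sample host are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# The rule from the post above, embedded so the check runs offline.
WEB_CONFIG = """<configuration><system.webServer><rewrite><rules>
<rule name="HTTPS redirect" enabled="true" patternSyntax="Wildcard" stopProcessing="true">
  <match url="*" />
  <conditions logicalGrouping="MatchAll">
    <add input="{HTTPS}" pattern="off" />
    <add input="{REQUEST_URI}" pattern="*.well-known/acme-challenge/*" negate="true" />
  </conditions>
  <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Found" />
</rule>
</rules></rewrite></system.webServer></configuration>"""

REDIRECT_STATUS = {"Permanent": 301, "Found": 302, "SeeOther": 303, "Temporary": 307}

def wildcard(pattern, value):
    """Simplified Wildcard syntax: '*' matches any run of characters, ignoring case."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.IGNORECASE | re.DOTALL) is not None

def expand(template, server_vars):
    """Substitute {NAME} server variables into a string."""
    return re.sub(r"\{(\w+)\}", lambda m: server_vars.get(m.group(1), ""), template)

def evaluate(config_xml, scheme, host, request_uri):
    """Return (status, location) if the rule redirects the request, else None."""
    server_vars = {"HTTPS": "on" if scheme == "https" else "off",
                   "HTTP_HOST": host, "REQUEST_URI": request_uri}
    rule = ET.fromstring(config_xml).find(".//rule")
    if rule.get("enabled", "true").lower() != "true":
        return None
    # <match url> is tested against the path without its leading slash.
    path = request_uri.split("?", 1)[0].lstrip("/")
    if not wildcard(rule.find("match").get("url"), path):
        return None
    for cond in rule.find("conditions"):
        hit = wildcard(cond.get("pattern"), expand(cond.get("input"), server_vars))
        if cond.get("negate") == "true":
            hit = not hit
        if not hit:  # logicalGrouping="MatchAll": one failed condition stops the rule
            return None
    action = rule.find("action")
    status = REDIRECT_STATUS[action.get("redirectType", "Permanent")]
    return status, expand(action.get("url"), server_vars)
```

If the negated `{REQUEST_URI}` condition is dropped, the challenge request is redirected like any other, which is the case the exemption exists to avoid during certificate issuance and renewal.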

-5
Sean White Team Member
  • Archived
2
Magnus Alexandersson

Why was this Declined?

We should not have to do a hacky job to get a free SSL cert, and you should not have to buy an SSL cert in 202x...

Give us a proper explanation as to why this was Declined.
