sjkp / letsencrypt-siteextension

Azure Web App Site Extension for easy installation and configuration of Let's Encrypt issued SSL certificates for custom domain names.
745 stars, 76 forks

The Lets Encrypt ACME server was probably unable to reach #315

Open courtenayparserr opened 5 years ago

courtenayparserr commented 5 years ago

Hi @sjkp

Firstly thanks for such a great service and tool. So appreciate it.

We are running into the "The Lets Encrypt ACME server was probably unable to reach" issue on the renewal job. I know why it is: because Let's Encrypt is trying to reach our server on HTTP, but obviously we already have a valid certificate on there, which means HTTP is not available.

We have a load-balanced setup on parserr dot com and api dot parserr dot com. How do we allow this job to run successfully to update certificates?

sjkp commented 5 years ago

If you want to use the HTTP acknowledge flow, you have to allow HTTP access to the /.well-known/acme-challenge path. So you could make a rule that allows that. Otherwise you can use DNS acknowledge, but then you shouldn't be using the site-extension but instead https://github.com/sjkp/letsencrypt-azure.

To deal with the load-balanced nature, you have to configure a blob storage account that can contain the challenge file, so that it can be available from all load-balanced web sites. You can read a bit about it here; how to set it up depends on which framework you are using: https://github.com/sjkp/letsencrypt-siteextension/wiki/Azure-Function,-Multi-Region,-Local-Cache-support (the load-balanced complexity is also removed if you use a DNS challenge).