sjkp / letsencrypt-siteextension

Azure Web App Site Extension for easy installation and configuration of Let's Encrypt issued SSL certificates for custom domain names.

Unable to complete challenge with Lets Encrypt servers #339

Open robertmclaws opened 4 years ago

robertmclaws commented 4 years ago

I'm getting the following error trying to get a cert on my site. I've uninstalled and reinstalled several times, and tried the /basicauth endpoint as well. No dice.

```
[Exception: Unable to complete challenge with Lets Encrypt servers error was: {"type":"http-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/900316360/36KE0g","status":"Invalid","validated":null,"error":{"Type":"urn:ietf:params:acme:error:unauthorized","Detail":"Invalid response from http://dhd-MYWEBSITE/.well-known/acme-challenge/ENCODEDSTRING [IPADDRESS]: \"<!DOCTYPE html>\\r\\n<html>\\r\\n<head>\\r\\n    <meta charset=\\\"utf-8\\\" />\\r\\n    <meta name=\\\"viewport\\\" content=\\\"width=device-width\\\">\\r\\n    <tit\"","Identifier":null,"Subproblems":null,"Status":403},"errors":null,"token":"TOKEN","keyAuthorization":null}]
   LetsEncrypt.Azure.Core.Services.<RequestCertificate>d__5.MoveNext() in D:\a\1\s\LetsEncrypt.SiteExtension.Core\Services\AcmeService.cs:0
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   LetsEncrypt.Azure.Core.<RequestInternalAsync>d__14.MoveNext() in D:\a\1\s\LetsEncrypt.SiteExtension.Core\CertificateManager.cs:206
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   LetsEncrypt.Azure.Core.<RequestAndInstallInternalAsync>d__15.MoveNext() in D:\a\1\s\LetsEncrypt.SiteExtension.Core\CertificateManager.cs:230
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   LetsEncrypt.SiteExtension.Controllers.<Install>d__7.MoveNext() in D:\a\1\s\LetsEncrypt-SiteExtension\Controllers\HomeController.cs:249
   System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() +31
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +60
   System.Web.Mvc.Async.TaskAsyncActionDescriptor.EndExecute(IAsyncResult asyncResult) +92
   System.Web.Mvc.Async.<>c__DisplayClass8_0.<BeginInvokeAsynchronousActionMethod>b__1(IAsyncResult asyncResult) +22
   System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +42
   System.Web.Mvc.Async.<>c__DisplayClass11_0.<InvokeActionMethodFilterAsynchronouslyRecursive>b__0() +80
   System.Web.Mvc.Async.<>c__DisplayClass11_2.<InvokeActionMethodFilterAsynchronouslyRecursive>b__2() +387
   System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) +42
   System.Web.Mvc.Async.<>c__DisplayClass3_6.<BeginInvokeAction>b__4() +42
   System.Web.Mvc.Async.<>c__DisplayClass3_1.<BeginInvokeAction>b__1(IAsyncResult asyncResult) +188
   System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +38
   System.Web.Mvc.<>c.<BeginExecuteCore>b__152_1(IAsyncResult asyncResult, ExecuteCoreState innerState) +26
   System.Web.Mvc.Async.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) +68
   System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +52
   System.Web.Mvc.Async.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) +39
   System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +38
   System.Web.Mvc.<>c.<BeginProcessRequest>b__20_1(IAsyncResult asyncResult, ProcessRequestState innerState) +40
   System.Web.Mvc.Async.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) +68
   System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +38
   System.Web.CallHandlerExecutionStep.InvokeEndHandler(IAsyncResult ar) +234
   System.Web.CallHandlerExecutionStep.OnAsyncHandlerCompletion(IAsyncResult ar) +169
```

schneidenbach commented 4 years ago

Reached out to Robert to figure out if he had fixed it - the resolution steps he gave me worked.

  1. Delete and re-add App Service instance in Azure.
  2. Redeploy app.
  3. Add custom domain.
  4. Login to Kudu using Basic Auth.
  5. Install and reconfigure Azure Let's Encrypt.
  6. Install certificate - great success!

JeffCalmRay commented 4 years ago

I'm having similar (I think) problems as above, I've tried the steps suggested to resolve, but I am still receiving this error:

```
[Exception: Unable to complete challenge with Lets Encrypt servers error was: {"type":"http-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1187863263/RoHhzg","status":"Invalid","validated":null,"error":{"Type":"urn:ietf:params:acme:error:unauthorized","Detail":"Invalid response from http://<mysite>.com/.well-known/acme-challenge/<Encoded string<IP Address>]: 500","Identifier":null,"Subproblems":null,"Status":403},"errors":null,"token":"<Token>","keyAuthorization":null}]
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   LetsEncrypt.Azure.Core.<RequestInternalAsync>d__14.MoveNext() in D:\a\1\s\LetsEncrypt.SiteExtension.Core\CertificateManager.cs:206
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   LetsEncrypt.Azure.Core.<RequestAndInstallInternalAsync>d__15.MoveNext() in D:\a\1\s\LetsEncrypt.SiteExtension.Core\CertificateManager.cs:230
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   LetsEncrypt.SiteExtension.Controllers.<Install>d__7.MoveNext() in D:\a\1\s\LetsEncrypt-SiteExtension\Controllers\HomeController.cs:249
   System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +99
   System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
   System.Web.Mvc.Async.TaskAsyncActionDescriptor.EndExecute(IAsyncResult asyncResult) +97
   System.Web.Mvc.Async.<>c__DisplayClass8_0.<BeginInvokeAsynchronousActionMethod>b__1(IAsyncResult asyncResult) +17
   System.Web.Mvc.Async.WrappedAsyncResult`1.CallEndDelegate(IAsyncResult asyncResult) +10
   System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49
   System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +32
   System.Web.Mvc.Async.<>c__DisplayClass11_0.<InvokeActionMethodFilterAsynchronouslyRecursive>b__0() +58
   System.Web.Mvc.Async.<>c__DisplayClass11_2.<InvokeActionMethodFilterAsynchronouslyRecursive>b__2() +228
   System.Web.Mvc.Async.<>c__DisplayClass7_0.<BeginInvokeActionMethodWithFilters>b__1(IAsyncResult asyncResult) +10
   System.Web.Mvc.Async.WrappedAsyncResult`1.CallEndDelegate(IAsyncResult asyncResult) +10
   System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49
   System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) +34
   System.Web.Mvc.Async.<>c__DisplayClass3_6.<BeginInvokeAction>b__4() +35
   System.Web.Mvc.Async.<>c__DisplayClass3_1.<BeginInvokeAction>b__1(IAsyncResult asyncResult) +100
   System.Web.Mvc.Async.WrappedAsyncResult`1.CallEndDelegate(IAsyncResult asyncResult) +10
   System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49
   System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +27
   System.Web.Mvc.<>c.<BeginExecuteCore>b__152_1(IAsyncResult asyncResult, ExecuteCoreState innerState) +11
   System.Web.Mvc.Async.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) +29
   System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49
   System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +45
   System.Web.Mvc.<>c.<BeginExecute>b__151_2(IAsyncResult asyncResult, Controller controller) +13
   System.Web.Mvc.Async.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) +22
   System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49
   System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +26
   System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.EndExecute(IAsyncResult asyncResult) +10
   System.Web.Mvc.<>c.<BeginProcessRequest>b__20_1(IAsyncResult asyncResult, ProcessRequestState innerState) +28
   System.Web.Mvc.Async.WrappedAsyncVoid`1.CallEndDelegate(IAsyncResult asyncResult) +29
   System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49
   System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +28
   System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +9
   System.Web.CallHandlerExecutionStep.InvokeEndHandler(IAsyncResult ar) +152
   System.Web.CallHandlerExecutionStep.OnAsyncHandlerCompletion(IAsyncResult ar) +126
```

schneidenbach commented 4 years ago

> I'm having similar (I think) problems as above, I've tried the steps suggested to resolve

Did you login to Kudu with basic auth?

JeffCalmRay commented 4 years ago

@schneidenbach Yes. I think the problem is routing.

capacious commented 4 years ago

I have the same issue; I've followed all the steps but still receive the following error while the /.well-known/acme-challenge/huppedgafdahfadjgfd exists and can be opened and viewed when pasting the URL in the browser:

```
Unable to complete challenge with Lets Encrypt servers error was: {"type":"http-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/1686310330/6rgd2A","status":"Invalid","validated":null,"error":{"Type":"urn:ietf:params:acme:error:unauthorized","Detail":"Invalid response from http:///.well-known/acme-challenge/gfdgfdsgfgfd [2a00:4e40:1:1::2:20b]: \"<!doctype html><html lang=\\"nl\\"> <meta charset=\\"UTF-8\\"> <meta name=\\"viewport\\" content=\\"width=device-width, user-scalable=no\"","Identifier":null,"Subproblems":null,"Status":403},"errors":null,"token":"fhjdghfdgdfgdhgdfhgfdgf","keyAuthorization":null}
```

This specific app service is IIS based and it's running WordPress. I don't see anything strange anywhere that would cause a redirect that would prevent it from getting to /.well-known/acme-challenge. The App Service doesn't enforce https yet so that also shouldn't be an issue; any ideas?

Kisitova commented 4 years ago

I have a similar issue with subdomains:

```
Unable to complete challenge with Lets Encrypt servers error was: {"type":"http-01","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/4242170131/V8ZiIw","status":"Invalid","validated":null,"error":{"Type":"urn:ietf:params:acme:error:dns","Detail":"DNS problem: SERVFAIL looking up A for euphoria.yoshop.ge - the domain's nameservers may be malfunctioning","Identifier":null,"Subproblems":null,"Status":400},"errors":null,"token":"czHtcfrzhms14Z3IfTlZ80ex2gciRZYloZZDVhsH7tg","keyAuthorization":null}
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
```

ShawnTheBeachy commented 4 years ago

Is this something that's being worked on or do I need to be finding another solution for SSL?

robertmclaws commented 4 years ago

Azure has a built-in SSL cert process that lets you do this for free now, no add-in required. It appears to use GeoTrust and not LetsEncrypt.

You can learn more here: https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate#create-a-free-certificate-preview

ShawnTheBeachy commented 4 years ago

@robertmclaws Oh this is so great, thank you!

ohadschn commented 4 years ago

The built-in solution doesn't support naked/apex domains, so at this point it's not really viable...

ShawnTheBeachy commented 4 years ago

Yeah I got it set up for my dev and staging sites, but unfortunately it's not much good if I can't actually set it up for my production site... May just have to end up buying a cert and avoiding the hassle.

capacious commented 4 years ago

I haven't heard anything anymore and went for an Azure paid certificate for two years for my customer with automatic renewal. No worries there anymore and I save a lot of time now. :-s

robertmclaws commented 4 years ago

@ShawnTheBeachy I put my production site on https://app.burnrate.io and use the root domain for my marketing site on Webflow. Lets me decouple marketing from dev/devops, and has been a huge leg up for us in being able to roll out marketing site updates.

npjabirpkv commented 2 years ago

This issue could happen if you have 2 or more A records added in your domain name. When you do an nslookup on your domain name and the result has two IP addresses, please remove the IP address which is not required.

When you are using GoDaddy to host your domain, they provide you a static website which shows "Site is coming soon" by adding a "parked" A record. Please remove this parked A record and try again to add the LetsEncrypt extension.
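
The check described in the last comment, extended to AAAA records and to the other error shapes quoted in this thread, as an added example that is not part of the thread or of the extension's code. `diagnose` and `resolve_all` are hypothetical helper names, and the sample error and all addresses are constructed from documentation ranges.

```python
import json
import re
import socket

# Splits the ACME "Detail" text into host, token, the address the CA hit, and the body.
DETAIL_RE = re.compile(
    r"Invalid response from http://(?P<host>[^/]*)/\.well-known/acme-challenge/"
    r"(?P<token>\S+) \[(?P<ip>[0-9A-Fa-f:.]+)\]: (?P<body>.*)", re.S)

# Constructed sample shaped like the errors quoted in this thread (documentation addresses).
SAMPLE = json.dumps({"type": "http-01", "status": "Invalid", "error": {
    "Type": "urn:ietf:params:acme:error:unauthorized",
    "Detail": 'Invalid response from http://example.com/.well-known/'
              'acme-challenge/TOKEN [2001:db8::20b]: "<!doctype html><html lang=\\"nl\\">"',
    "Status": 403}})

def resolve_all(host):
    """Every A and AAAA address the name currently resolves to (live DNS lookup)."""
    infos = socket.getaddrinfo(host, 80, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def diagnose(challenge_json, expected_ips, resolved_ips=None):
    """Classify a failed http-01 challenge object; returns a list of findings."""
    err = json.loads(challenge_json)["error"]
    if err["Type"].endswith(":dns"):
        return ["dns: " + err["Detail"]]          # the CA could not resolve the name at all
    m = DETAIL_RE.search(err["Detail"])
    if not m:
        return ["unparsed: " + err["Detail"]]
    findings = []
    body = m["body"].strip().strip('"')
    if m["ip"] not in expected_ips:               # the CA reached a host you do not run
        findings.append("validated against unexpected address " + m["ip"])
    if body.lower().startswith(("<!doctype", "<html")):
        findings.append("an HTML page was served instead of the key authorization")
    elif body.isdigit():
        findings.append("challenge URL returned HTTP " + body)
    for ip in sorted(set(resolved_ips or []) - set(expected_ips)):
        findings.append("stray DNS record: " + ip)
    return findings

if __name__ == "__main__":
    # Offline run on the constructed sample; pass resolve_all("your.domain") for live records.
    for line in diagnose(SAMPLE, {"203.0.113.10"}, ["203.0.113.10", "2001:db8::20b"]):
        print(line)
```

A browser on an IPv4-only network can load the challenge file while the CA's validator, which may prefer the AAAA record, reaches a different host, which is why the address in brackets in the error is worth comparing against the App Service's own addresses.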