sjkp / letsencrypt-siteextension

Azure Web App Site Extension for easy installation and configuration of Let's Encrypt issued SSL certificates for custom domain names.

Loading certificate error #53

Open bmacadam opened 8 years ago

bmacadam commented 8 years ago

I'm attempting to use the site extension on a straight html only site in Azure. When I request a certificate, I receive the error message below. I suspect that it has something to do with privileges within the /.well-known/acme-challenge/ folder but I'm not sure. You mention that the extension needs to be able to browse the folder. Does that mean that you can navigate to the folder in a browser and receive a listing of the folder contents?

Server Error in '/letsencrypt' Application.

Certificate 6FA5136CBDCBEF0C71EFA13E46B4B7E48F750FDA was not found. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: Microsoft.Rest.Azure.CloudException: Certificate 6FA5136CBDCBEF0C71EFA13E46B4B7E48F750FDA was not found.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[CloudException: Certificate 6FA5136CBDCBEF0C71EFA13E46B4B7E48F750FDA was not found.] Microsoft.Azure.Management.WebSites.d31.MoveNext() +4308 System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +92 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58 Microsoft.Azure.Management.WebSites.d53.MoveNext() +249 System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +92 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58 Microsoft.Azure.Management.WebSites.SitesOperationsExtensions.BeginCreateOrUpdateSite(ISitesOperations operations, String resourceGroupName, String name, Site siteEnvelope, String skipDnsRegistration, String skipCustomDomainVerification, String forceDnsRegistration, String ttlInSeconds) +212 LetsEncrypt.SiteExtension.Core.CertificateManager.Install(Target target, String pfxFilename, X509Certificate2 certificate) in c:\Projects\LetsEncrypt-SiteExtension\LetsEncrypt-SiteExtension\LetsEncrypt.SiteExtension.Core\CertificateManager.cs:493 LetsEncrypt.SiteExtension.Core.CertificateManager.Auto(Target binding) in c:\Projects\LetsEncrypt-SiteExtension\LetsEncrypt-SiteExtension\LetsEncrypt.SiteExtension.Core\CertificateManager.cs:450 LetsEncrypt.SiteExtension.Core.CertificateManager.RequestAndInstallInternal(Target target) in c:\Projects\LetsEncrypt-SiteExtension\LetsEncrypt-SiteExtension\LetsEncrypt.SiteExtension.Core\CertificateManager.cs:244 LetsEncrypt.SiteExtension.Controllers.HomeController.Install(RequestAndInstallModel model) +615 lambda_method(Closure , ControllerBase , Object[] ) +104 System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters) +14 System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary2 parameters) +169 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, 
IDictionary2 parameters) +27 System.Web.Mvc.Async.AsyncControllerActionInvoker.b39(IAsyncResult asyncResult, ActionInvocation innerInvokeState) +22 System.Web.Mvc.Async.WrappedAsyncResult2.CallEndDelegate(IAsyncResult asyncResult) +29 System.Web.Mvc.Async.WrappedAsyncResultBase1.End() +49 System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +32 System.Web.Mvc.Async.AsyncInvocationWithFilters.b3d() +50 System.Web.Mvc.Async.<>cDisplayClass46.b3f() +225 System.Web.Mvc.Async.<>cDisplayClass33.b32(IAsyncResult asyncResult) +10 System.Web.Mvc.Async.WrappedAsyncResult1.CallEndDelegate(IAsyncResult asyncResult) +10 System.Web.Mvc.Async.WrappedAsyncResultBase1.End() +49 System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) +34 System.Web.Mvc.Async.<>cDisplayClass2b.b1c() +26 System.Web.Mvc.Async.<>cDisplayClass21.b1e(IAsyncResult asyncResult) +100 System.Web.Mvc.Async.WrappedAsyncResult1.CallEndDelegate(IAsyncResult asyncResult) +10 System.Web.Mvc.Async.WrappedAsyncResultBase1.End() +49 System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +27 System.Web.Mvc.Controller.b1d(IAsyncResult asyncResult, ExecuteCoreState innerState) +13 System.Web.Mvc.Async.WrappedAsyncVoid1.CallEndDelegate(IAsyncResult asyncResult) +29 System.Web.Mvc.Async.WrappedAsyncResultBase1.End() +49 System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +36 System.Web.Mvc.Controller.b15(IAsyncResult asyncResult, Controller controller) +12 System.Web.Mvc.Async.WrappedAsyncVoid1.CallEndDelegate(IAsyncResult asyncResult) +22 System.Web.Mvc.Async.WrappedAsyncResultBase1.End() +49 System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +26 System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.EndExecute(IAsyncResult asyncResult) +10 System.Web.Mvc.MvcHandler.b__5(IAsyncResult asyncResult, ProcessRequestState innerState) +21 
System.Web.Mvc.Async.WrappedAsyncVoid1.CallEndDelegate(IAsyncResult asyncResult) +29 System.Web.Mvc.Async.WrappedAsyncResultBase1.End() +49 System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +28 System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +9 System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +9644037 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.6.1055.0

sjkp commented 8 years ago

Judging from the stack trace, it seems like it did generate an SSL certificate for you and is failing to install it. Is your web site running in another resource group than your app hosting plan? Because most likely that is the reason, and you didn't configure this correctly on the first page.

Resourcegroup name should be the name of the resource group that your web app is located in. Serviceplan resource group name should be the name of the resource group that your service plan is located in.

khairulfathi commented 8 years ago

Hello @sjkp

Just want to verify, ServicePlanResourceGroupName is referring to Resource Group Name for App Service plan/pricing tier right? Because when I change the value based on value in Azure portal, I got this error "The ServicePlanResourceGroupName registered under application settings X does not match the ServicePlanResourceGroupName you entered here Y".

Any ideas?

letsencrypt_error

Thanks.

bmacadam commented 8 years ago

To follow up on sjkp's reply to me...

As it turned out my app hosting plan was not in the same resource group. It had been but I moved things around when I was trying to get the extension to work. After setting up the extension for four different sites, I came to the realization that sometimes the process didn't go through on the first try but did on the second with no modifications to the form.

khairulfathi - I did discover a small issue with the form where you enter the resource group, etc. It doesn't trim trailing spaces. When I copied and pasted the resource group name from the portal, I noticed that the resource group name in the error message had an extra space at the end of it.

khairulfathi commented 8 years ago

That would be my first assumption as well (having spaces, etc.) but I already ensured that that is not the case. And I admit my hosting plan is not in the same resource group with service plan. But even with providing the exact resource names, I still face this issue.

  1. Since the issue is with certificate installation, I assume there's already a pfx file generated. Is it possible to install this manually first via Azure portal? I can't seem to find this file in any location.
  2. Worst case, I may have to redeploy both plans in the same resource group. Quite a hassle to start from scratch but should be able to complete within a day or two.

Thanks.

sjkp commented 8 years ago

It is not a requirement to use the same resource group for hosting plan and web app, as long as you set it up correctly.
Yes, you can download the pfx manually if you got that far in the process. The pfx files are located under D:\home\SiteExtensions\letsencrypt\config\httpsacme-v01.api.letsencrypt.org> or D:\home\SiteExtensions\letsencrypt\config\httpsacme-staging.api.letsencrypt.org> if you use staging (which you probably should be until you get that working, so you don't run out of requests to the prod environment).

ge33ek commented 8 years ago

Hi All,

I'm having similar problems described here, in that, all my Automated Installation variables are in and working. I also provide the ResourceGroupName and then selected Update Application settings. This in turn sets the ServicePlanResourceGroupName to the same value.

I restart the site to ensure settings are taken, click next, it identifies all the custom domains. I select next again, select the domain, type my e-mail and submit, receive the following error.

I will also mention, in case it is important, when I originally tried, I was told my site didn't support SSL, or something of that nature. I upgraded my WebApp from a Shared to a B1 - not sure if this has impacted in some way.

If I browse to D:\home\SiteExtensions\letsencrypt ..... there is a certificate. The LetsEncrypt UI also shows every certificate from my repetitive attempts. I never receive any e-mail.

capture

Log export below:

Server Error in '/letsencrypt' Application.

Certificate 932399892F1D5B238FD9BFFD87A7107D4D6D9B9A was not found.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: Microsoft.Rest.Azure.CloudException: Certificate 932399892F1D5B238FD9BFFD87A7107D4D6D9B9A was not found.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[CloudException: Certificate 932399892F1D5B238FD9BFFD87A7107D4D6D9B9A was not found.] Microsoft.Azure.Management.WebSites.d31.MoveNext() +4308 System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +92 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58 Microsoft.Azure.Management.WebSites.d53.MoveNext() +249 System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +92 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58 Microsoft.Azure.Management.WebSites.SitesOperationsExtensions.BeginCreateOrUpdateSite(ISitesOperations operations, String resourceGroupName, String name, Site siteEnvelope, String skipDnsRegistration, String skipCustomDomainVerification, String forceDnsRegistration, String ttlInSeconds) +212 LetsEncrypt.SiteExtension.Core.CertificateManager.Install(Target target, String pfxFilename, X509Certificate2 certificate) in J:\Projects\letsencrypt-siteextension\LetsEncrypt.SiteExtension.Core\CertificateManager.cs:497 LetsEncrypt.SiteExtension.Core.CertificateManager.Auto(Target binding) in J:\Projects\letsencrypt-siteextension\LetsEncrypt.SiteExtension.Core\CertificateManager.cs:454 LetsEncrypt.SiteExtension.Core.CertificateManager.RequestAndInstallInternal(Target target) in J:\Projects\letsencrypt-siteextension\LetsEncrypt.SiteExtension.Core\CertificateManager.cs:248 LetsEncrypt.SiteExtension.Controllers.HomeController.Install(RequestAndInstallModel model) +604 lambda_method(Closure , ControllerBase , Object[] ) +104 System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters) +14 System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary2 parameters) +169 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary2 parameters) +27 
System.Web.Mvc.Async.AsyncControllerActionInvoker.b39(IAsyncResult asyncResult, ActionInvocation innerInvokeState) +22 System.Web.Mvc.Async.WrappedAsyncResult2.CallEndDelegate(IAsyncResult asyncResult) +29 System.Web.Mvc.Async.WrappedAsyncResultBase1.End() +49 System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +32 System.Web.Mvc.Async.AsyncInvocationWithFilters.b3d() +50 System.Web.Mvc.Async.<>cDisplayClass46.b3f() +225 System.Web.Mvc.Async.<>cDisplayClass33.b32(IAsyncResult asyncResult) +10 System.Web.Mvc.Async.WrappedAsyncResult1.CallEndDelegate(IAsyncResult asyncResult) +10 System.Web.Mvc.Async.WrappedAsyncResultBase1.End() +49 System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) +34 System.Web.Mvc.Async.<>cDisplayClass2b.b1c() +26 System.Web.Mvc.Async.<>cDisplayClass21.b1e(IAsyncResult asyncResult) +100 System.Web.Mvc.Async.WrappedAsyncResult1.CallEndDelegate(IAsyncResult asyncResult) +10 System.Web.Mvc.Async.WrappedAsyncResultBase1.End() +49 System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +27 System.Web.Mvc.Controller.b1d(IAsyncResult asyncResult, ExecuteCoreState innerState) +13 System.Web.Mvc.Async.WrappedAsyncVoid1.CallEndDelegate(IAsyncResult asyncResult) +29 System.Web.Mvc.Async.WrappedAsyncResultBase1.End() +49 System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +36 System.Web.Mvc.Controller.b15(IAsyncResult asyncResult, Controller controller) +12 System.Web.Mvc.Async.WrappedAsyncVoid1.CallEndDelegate(IAsyncResult asyncResult) +22 System.Web.Mvc.Async.WrappedAsyncResultBase1.End() +49 System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +26 System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.EndExecute(IAsyncResult asyncResult) +10 System.Web.Mvc.MvcHandler.b__5(IAsyncResult asyncResult, ProcessRequestState innerState) +21 
System.Web.Mvc.Async.WrappedAsyncVoid1.CallEndDelegate(IAsyncResult asyncResult) +29 System.Web.Mvc.Async.WrappedAsyncResultBase1.End() +49 System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +28 System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +9 System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +9644037 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.6.1055.0

sjkp commented 8 years ago

Hi @ge33ek. Well, both ResourceGroupName and ServicePlanResourceGroupName must be set. If you don't provide a value for ServicePlanResourceGroupName, the extension will assume that the Service Plan hosting the web app is in the same resource group as the app service, which is why the value is set to the same as the ResourceGroupName you provided.

From the error you get, it doesn't seem that your app service plan and app service (formerly known as web site) are in the same resource group.

The certificates are located in the service plan, and for the site extension to locate that service plan and assign the certificate to the site, it must know the resource group of the service plan, which is why it is possible to specify it separately from the Resource Group name.
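The resource-group check described in this thread can be done offline before requesting a certificate. The following is an added example, not part of the original thread or the extension's code: it reads the plan's resource group from the `serverFarmId` of a web app's ARM JSON and compares it with the two values entered in the form. The sample site, subscription ID and group names are constructed, and the dictionary keys simply reuse the setting names mentioned above.

```python
import re

# ARM IDs: /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.Web/<type>/<name>
_ARM_ID = re.compile(
    r"^/subscriptions/(?P<sub>[^/]+)/resourceGroups/(?P<rg>[^/]+)"
    r"/providers/Microsoft\.Web/(?P<type>sites|serverfarms)/(?P<name>[^/]+)$",
    re.IGNORECASE,
)


def parse_arm_id(resource_id):
    """Split a Microsoft.Web resource ID into subscription, group, type, name."""
    match = _ARM_ID.match(resource_id.strip())
    if match is None:
        raise ValueError(f"not a Microsoft.Web resource ID: {resource_id!r}")
    return match.groupdict()


def check_settings(site, settings):
    """Return a list of problems with the resource-group values (empty if OK)."""
    problems = []
    site_rg = parse_arm_id(site["id"])["rg"]
    plan_rg = parse_arm_id(site["properties"]["serverFarmId"])["rg"]

    entered_rg = settings.get("ResourceGroupName") or ""
    entered_plan_rg = settings.get("ServicePlanResourceGroupName") or ""

    # Pasted values can carry a trailing space, as reported in the thread.
    for key, raw in (("ResourceGroupName", entered_rg),
                     ("ServicePlanResourceGroupName", entered_plan_rg)):
        if raw != raw.strip():
            problems.append(f"{key} has leading/trailing whitespace: {raw!r}")

    # An empty plan group falls back to the web app's group, as described above.
    effective_plan_rg = entered_plan_rg.strip() or entered_rg.strip()

    # Azure treats resource group names as case-insensitive.
    if entered_rg.strip().lower() != site_rg.lower():
        problems.append(f"ResourceGroupName should be {site_rg!r}")
    if effective_plan_rg.lower() != plan_rg.lower():
        problems.append(f"ServicePlanResourceGroupName should be {plan_rg!r}")
    return problems


# Constructed sample: web app in "web-rg", its service plan in "plans-rg".
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE_SITE = {
    "id": f"{SUB}/resourceGroups/web-rg/providers/Microsoft.Web/sites/example-app",
    "properties": {
        "serverFarmId": f"{SUB}/resourceGroups/plans-rg"
                        "/providers/Microsoft.Web/serverfarms/example-plan",
    },
}

if __name__ == "__main__":
    for entered in ({"ResourceGroupName": "web-rg"},
                    {"ResourceGroupName": "web-rg ",
                     "ServicePlanResourceGroupName": "plans-rg"}):
        print(entered, "->", check_settings(SAMPLE_SITE, entered))
```
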

ge33ek commented 8 years ago

Thanks for the quick response @sjkp - you were right, my Service Plan was in a separate Resource Group to the one the actual Web-Apps were hosted in. Once I changed this to the Resource Group that the Service Plan was in, it all worked seamlessly.

Great work, donation coming soon!

carcer commented 7 years ago

Hi all,

I am hitting this issue. As far as I can see, we have correctly set the resource groups, as our service plan is in a different group. Below is the error, for what it's worth. Please let me know if there is any other info I should post.

Server Error in '/letsencrypt' Application.

Certificate 2AB49454A65972854FCA55460D719DD9285F17BA was not found.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: Microsoft.Rest.Azure.CloudException: Certificate 2AB49454A65972854FCA55460D719DD9285F17BA was not found.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[CloudException: Certificate 2AB49454A65972854FCA55460D719DD9285F17BA was not found.] Microsoft.Azure.Management.WebSites.d31.MoveNext() +4308 System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +92 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58 Microsoft.Azure.Management.WebSites.d53.MoveNext() +249 System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +92 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58 Microsoft.Azure.Management.WebSites.SitesOperationsExtensions.BeginCreateOrUpdateSite(ISitesOperations operations, String resourceGroupName, String name, Site siteEnvelope, String skipDnsRegistration, String skipCustomDomainVerification, String forceDnsRegistration, String ttlInSeconds) +212 LetsEncrypt.SiteExtension.Core.CertificateManager.Install(Target target, String pfxFilename, X509Certificate2 certificate) in J:\Projects\letsencrypt-siteextension\LetsEncrypt.SiteExtension.Core\CertificateManager.cs:497 LetsEncrypt.SiteExtension.Core.CertificateManager.Auto(Target binding) in J:\Projects\letsencrypt-siteextension\LetsEncrypt.SiteExtension.Core\CertificateManager.cs:454 LetsEncrypt.SiteExtension.Core.CertificateManager.RequestAndInstallInternal(Target target) in J:\Projects\letsencrypt-siteextension\LetsEncrypt.SiteExtension.Core\CertificateManager.cs:248 LetsEncrypt.SiteExtension.Controllers.HomeController.Install(RequestAndInstallModel model) +604 lambda_method(Closure , ControllerBase , Object[] ) +104 System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters) +14 System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary2 parameters) +169 System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary2 parameters) +27 
System.Web.Mvc.Async.AsyncControllerActionInvoker.b39(IAsyncResult asyncResult, ActionInvocation innerInvokeState) +22 System.Web.Mvc.Async.WrappedAsyncResult2.CallEndDelegate(IAsyncResult asyncResult) +29 System.Web.Mvc.Async.WrappedAsyncResultBase1.End() +49 System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +32 System.Web.Mvc.Async.AsyncInvocationWithFilters.b3d() +50 System.Web.Mvc.Async.<>cDisplayClass46.b3f() +225 System.Web.Mvc.Async.<>cDisplayClass33.b32(IAsyncResult asyncResult) +10 System.Web.Mvc.Async.WrappedAsyncResult1.CallEndDelegate(IAsyncResult asyncResult) +10 System.Web.Mvc.Async.WrappedAsyncResultBase1.End() +49 System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) +34 System.Web.Mvc.Async.<>cDisplayClass2b.b1c() +26 System.Web.Mvc.Async.<>cDisplayClass21.b1e(IAsyncResult asyncResult) +100 System.Web.Mvc.Async.WrappedAsyncResult1.CallEndDelegate(IAsyncResult asyncResult) +10 System.Web.Mvc.Async.WrappedAsyncResultBase1.End() +49 System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +27 System.Web.Mvc.Controller.b1d(IAsyncResult asyncResult, ExecuteCoreState innerState) +13 System.Web.Mvc.Async.WrappedAsyncVoid1.CallEndDelegate(IAsyncResult asyncResult) +29 System.Web.Mvc.Async.WrappedAsyncResultBase1.End() +49 System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +36 System.Web.Mvc.Controller.b15(IAsyncResult asyncResult, Controller controller) +12 System.Web.Mvc.Async.WrappedAsyncVoid1.CallEndDelegate(IAsyncResult asyncResult) +22 System.Web.Mvc.Async.WrappedAsyncResultBase1.End() +49 System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +26 System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.EndExecute(IAsyncResult asyncResult) +10 System.Web.Mvc.MvcHandler.b__5(IAsyncResult asyncResult, ProcessRequestState innerState) +21 
System.Web.Mvc.Async.WrappedAsyncVoid1.CallEndDelegate(IAsyncResult asyncResult) +29 System.Web.Mvc.Async.WrappedAsyncResultBase1.End() +49 System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +28 System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +9 System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +9644037 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.6.1055.0

jessenic commented 7 years ago

I'm having the certificate not found issue as well. I have only 2 resource groups, one for ApplicationInsights and another for everything else.