shibayan / containerapps-acmebot

Automated ACME SSL/TLS certificates issuer for Azure Container Apps (Custom domain / Custom DNS Suffix)

License: Apache License 2.0

C# 80.39% HTML 15.43% Bicep 4.17%
acme-v2 azure azure-container-apps certificate letsencrypt

containerapps-acmebot's Issues

Error when trying to issue certificate

Describe the bug
Installed the function app, gave the permissions and tried to create a certificate. I get an error saying:
Orchestrator function 'AddCertificate_Orchestrator' failed: The activity function 'UploadCertificate' failed: "The method or operation is not implemented.". See the function execution logs for additional details.

Environment (please complete the following information):

  • Certificate Type: Wildcard and sub-domain

Additional context
Orchestrator function 'AddCertificate_Orchestrator' failed: The activity function 'UploadCertificate' failed: "The method or operation is not implemented.". See the function execution logs for additional details.

Certificates Not Auto-Renewing

Describe the bug
I deployed a container app acmebot instance and then deployed one wildcard certificate to a container app environment. The certificate expired and did not auto-renew. Upon checking the logs, it seems the RenewCertificate_Orchestrator runs, but says "Certificates not found".

To Reproduce
Steps to reproduce the behavior:

  1. Deploy containerapps-acmebot
  2. Enable authentication and navigate to function app portal
  3. Create new wildcard certificate for container app environment
  4. Certificate expires and does not auto-renew. Logs indicate "certificates not found" by RenewCertificate_Orchestrator

Environment (please complete the following information):

  • Certificate Type: wildcard

Additional context
This has occurred on all containerapps-acmebot instances I have deployed, for wildcard certs, different domains, in different Azure subscriptions.

ContainerAppSecretNull error when trying to add a certificate for an App Container containing a secret

Describe the bug
When trying to add a certificate I get this error:

Orchestrator function 'AddCertificate_Orchestrator' failed: The orchestrator function 'BindToContainerApp' failed: "The activity function 'BindDomains' failed: "Service request failed.
Status: 400 (Bad Request)

Content:
{"code":"ContainerAppSecretNull","message":"Invalid Request: Container app secret(s) with name(s) 'reg-pswd-4e853129-a6fb' cannot have a value of null."}

Headers:
Cache-Control: no-cache
Pragma: no-cache
x-ms-ratelimit-remaining-subscription-resource-requests: REDACTED
api-supported-versions: REDACTED
Server: Microsoft-IIS/10.0
X-Powered-By: REDACTED
x-ms-request-id: 4b5a805d-73b2-4c0d-92bd-1b1376a3518a
x-ms-correlation-request-id: REDACTED
x-ms-routing-request-id: REDACTED
Strict-Transport-Security: REDACTED
X-Content-Type-Options: REDACTED
Date: Wed, 07 Sep 2022 18:49:39 GMT
Content-Length: 153
Content-Type: application/json; charset=utf-8
Expires: -1
". See the function execution logs for additional details.". See the function execution logs for additional details.

Seems to be a bug with az cli?
microsoft/azure-container-apps#259
microsoft/azure-container-apps#299

Apparently fixed in CLI version 2.39.0. Not sure if the CLI is used in this project, or maybe the equivalent needs to be upgraded?

To Reproduce
Steps to reproduce the behavior:

  1. Set up a Container App with a secret
  2. Try to set up the certificate

Environment (please complete the following information):

  • Container App: Linux
  • Certificate Type: Wildcard, Azure DNS Zone

Additional context
I do have a secret in the App Container.

Add Support for External DNS

Is your feature request related to a problem? Please describe.
I love this project and what it helps provide! In my case, I use Dreamhost as my DNS provider/manager. Is it possible to enable this to NOT do a DNS Zone/Name?

Describe the solution you'd like
Add the ability to specify "Azure Managed / Not-Azure Managed" for the Function.

Describe alternatives you've considered
I tried not specifying a DNS Zone/Name, but the submit button doesn't work w/o it.

Additional context
I'm willing to work on the PR if you can point me in the right direction.

Thanks!

Error adding certificate

Describe the bug
Trying to add a certificate, but it keeps giving a null reference exception:

Orchestrator function 'AddCertificate_Orchestrator' failed: The orchestrator function 'BindToContainerApp' failed: "The activity function 'ValidateDomain' failed: "Object reference not set to an instance of an object.". See the function execution logs for additional details.". See the function execution logs for additional details.

Through app insights, I can see that it is failing at ValidateDomain at line 540. The POST request to GetCustomHostNameAnalysis returns 200 as well. This may be something to do with Azure's SDK's GetCustomHostNameAnalysisAsync method perhaps?

To Reproduce
Steps to reproduce the behavior:

  1. Deploy the acmebot
  2. Go to the function app and add an entry
  3. Error pops up as described.

Environment (please complete the following information):

  • Certificate Type: Sub-domain

Additional context
I recently did 3 entries last week (18/19th August) and it worked well.
I've noticed you've also changed the NuGet package for some of the SDKs; I'm wondering if the breaking namespace change may have caused it to error?

DNS Zones and Container App in different Subscription

Describe the bug
It seems that DNS Zones and Container Apps can't be found if they are located in a different subscription.
Is there any option to configure the Subscription?

To Reproduce
Steps to reproduce the behavior:

  1. Place Function in Subscription A
  2. Place Container Apps in Subscription B
  3. Place DNS Zones in Subscription C

Upload Failed Error | New Cert

Describe the bug
Similar to #62 I get an Upload failed error; however, the certs end up being issued and installed in the Container App Env.
Access control is configured correctly and I have issued certs to the same environment.

To Reproduce
Steps to reproduce the behavior:
Add new cert to environment.

Environment (please complete the following information):

  • Certificate Type: Nested sub-domain and nested sub-domain wildcard

Additional context
Error details:

  • System.NotImplementedException
  • Azure.ResourceManager.AppContainers.AppContainersArmOperation`1.get_Id
  • UploadCertificate

Support setting container apps env custom dns suffix from wildcard certificate

Is your feature request related to a problem? Please describe.
I hope I didn't miss anything, but currently, as far as I can see, there is no support to set the container environment DNS suffix via Let's Encrypt. While the bot supports creating wildcard certificates, it's not yet able to assign them to the custom DNS suffix.
The Azure portal doesn't allow setting a custom DNS suffix without providing a certificate.

It would be nice if the bot could add the DNS suffix and upload the wildcard certificate for it, as well as auto-update that certificate when needed, without the need for each app to bind to that certificate.

Describe the solution you'd like
Maybe a checkbox if a "*.domain" wildcard certificate is created, if the certificate (and dns suffix) should be added to the container app env.

Maybe like that:
image

Error on template deployment

Describe the bug
When I try to create the deployment, this error message gets kicked back by Azure:

{
  "code": "InvalidTemplateDeployment",
  "details": [
    {
      "message": "Object reference not set to an instance of an object."
    }
  ],
  "message": "The template deployment 'Microsoft.Template-20220817155227' is not valid according to the validation procedure. The tracking id is '654a7dd2-bfcf-421c-9c62-bd65fa38de7c'. See inner errors for details."
}

To Reproduce
Steps to reproduce the behavior:

  1. Click Deploy to Azure(Public)
  2. Fill out fields
  3. Review and Create

Unable to deploy successfully

Describe the bug
I'm currently trying to deploy this. My first problem was that I have already reached the limit of service plans in my subscription.
So I changed the template to reference an existing service plan.
While this worked, I now got the error:
{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"message":"AppSetting with name 'Acmebot:SubscriptionId' is not allowed."}]}

I then changed all "Acmebot:" to "Acmebot__" and it successfully deployed. I've set up authentication, but now I'm stuck with "The service is unavailable." and the portal says "Azure Functions runtime is unreachable".

To Reproduce
Steps to reproduce the behavior:

  1. Try to deploy with the "Deploy to Azure" button.
