Comments (24)
I have the same problem and it seems like
http://...../.well-known/acme-challenge/... doesn't have an extension so IIS is returning a 404 Not Found
from letsencrypt-siteextension.
I think it's related to this issue #4 Are you using ASP.NET 5 (ASP.NET Core)?
from letsencrypt-siteextension.
I'm using .net framework 4.6, not the new one (core or how it's called now). Nothing very new or experimental.
How can I debug this?
Thanks
Evdin
-----Mesaj original-----
De la: "Yitzchok G" [email protected]
Trimis: 03.02.2016 22:59
Către: "sjkp/letsencrypt-siteextension" [email protected]
Cc: "evdinursan" [email protected]
Subiect: Re: [letsencrypt-siteextension] The webjob is running succesfully butno certificate downloaded or assigned (#18)
I think it's related to this issue #4 Are you using ASP.NET 5 (ASP.NET Core)?
—
Reply to this email directly or view it on GitHub.
from letsencrypt-siteextension.
Try going to {site}.scm.azurewebsites.net/DebugConsole
Find the root of your application and navigate to /.well-known/acme-challenge/
Then try to navigate to a file in that directory from the browser and see if it returns the file
For ASP.NET 5 (which uses .net framework 4.6)
I set
app.UseStaticFiles(new StaticFileOptions { ServeUnknownFileTypes = true });
from letsencrypt-siteextension.
@evdinursan is nothing logged to the webjobs output window?
from letsencrypt-siteextension.
@sjkp nothing in the webjobs output; both "Functions.RenewCertificate" and "Functions.SetupHostNameAndCertificate" run successfully but indeed, no output.
from letsencrypt-siteextension.
@Yitzchok I found that folder and there are a lot of files in it and I took any of that extension-less file and pasted the complete URL into a new browser tab and it's going ok - no 404 - the browser offers me the possibility to download the file - so I guess that is nothing wrong with the server configuration.
from letsencrypt-siteextension.
Did you go through the process of adding the app settings from the site extension or did you add them manually through the azure portal or with ARM?
from letsencrypt-siteextension.
Guess I need to add some more logging. I will drop a new version tonight.
from letsencrypt-siteextension.
I went through the azure portal app settings path. Everything was set accordingly to the previous mentioned tutorial.
from letsencrypt-siteextension.
I'm experiencing this too. It appears that they're no certificates being created. Where does this tool put them? I could try and manually verify their existence. In the Azure portal I don't see any available certificates though.
from letsencrypt-siteextension.
The files are located in D:\home\SiteExtensions\letsencrypt\config\httpsacme-v01.api.letsencrypt.org\
From here they are copied to the app hosting plan (that holds the certificates in Azure).
You did go through all the steps in the site extension interface right, meaning you did do a Request and Install certificate step manually? The web jobs will only automatically install the certificate and renew them if they have been installed once from the site extension or you have used the fully automated ARM template (e.g. had a app setting with letsencrypt:Hostnames)
from letsencrypt-siteextension.
@sjkp yup, I got a Registration and Signer file. I assume the Signer is the private key, based on the contents of Registration. Registration looks like this:
{ "Contacts": [ "mailto:{my-email}" ], "PublicKey": { "e": "{exponent}", "kty": "RSA", "n": "{the-public-key?}", }, "RecoveryKey": null, "RegistrationUri": "https://acme-v01.api.letsencrypt.org/acme/reg/371800", "Links": [ "<https://acme-v01.api.letsencrypt.org/acme/new-authz>;rel=\"next\"", "<https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf>;rel=\"terms-of-service\"" ], "TosLinkUri": "https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf", "AuthorizationsUri": null, "CertificatesUri": null }
For what its worth I followed this guide verbatim up until I was supposed to test https on my site, and that's the first point I ran into issues.
from letsencrypt-siteextension.
These are the files in the folder after a success full installation
02/05/2016 09:53 AM <DIR> .
02/05/2016 09:53 AM <DIR> ..
02/05/2016 09:53 AM 1,196 ca-009813F47513E5750B43E7431E971E44BD-crt.der
02/05/2016 09:53 AM 1,675 ca-009813F47513E5750B43E7431E971E44BD-crt.pem
02/05/2016 09:53 AM 4,121 <domain>.dk-all.pfx
02/05/2016 09:53 AM 1,282 <domain>.dk-crt.der
02/05/2016 09:53 AM 1,793 <domain>.dk-crt.pem
02/05/2016 09:53 AM 895 <domain>.dk-csr.pem
02/05/2016 09:53 AM 2 <domain>.dk-gen-csr.json
02/05/2016 09:53 AM 1,754 <domain>.dk-gen-key.json
02/05/2016 09:53 AM 1,675 <domain>.dk-key.pem
02/05/2016 09:53 AM 998 Registration
02/05/2016 09:53 AM 1,679 Signer
11 File(s) 17,070 bytes
2 Dir(s) 53,619,695,616 bytes free
from letsencrypt-siteextension.
Okay, that's a good bit different that what I've got. I tried uninstalling/reinstalling the extension from the gallery and that didn't fix it. I'll try from scratch tonight and see what I can get figured out.
EDIT: Tried again to the results. Not sure what to do. Looks like @evdinursan has the same thing going on.
from letsencrypt-siteextension.
@sjkp I don't have those files in that folder - I have only Signer and Registration. That's all.
Thanks.
Evdin
from letsencrypt-siteextension.
Can you browse /.well-known/acme-challenge/
Lets encrypts servers need to be able to browse that URL where the extension places the challenge file after registration to prove that you are in control of the domain. If it can't get the challenge it wont issue you any certificates.
from letsencrypt-siteextension.
Already did that 3 days ago as I mentioned it here and everything works. No 404, no errors, just serving the file as expected.
from letsencrypt-siteextension.
@sjkp: {domain}.scm.azurewebsites.net/.well-known/acme-challenge/ gives me "No route registered for '/.well-known/acme-challenge/'".
from letsencrypt-siteextension.
@sjkp @evdinursan I figured out what's going wrong with the challenges on my end. My application isn't serving the static files and instead routing all web requests to an echo command I setup. I'll report back when I get a new build to fix that.
Edit: Can confirm that serving static files fixes things.
from letsencrypt-siteextension.
Sorry but I really don't get it. We have 2 scenarios right now:
a) https://xyz.azurewebsites.net/.well-known/acme-challenge/K5YB5RCKWrNbrBnFWKDzOY78vNdVnJaYC3JOFTot7VY is served correctly and everything is OK
b) https://xyz.scm.azurewebsites.net/.well-known/acme-challenge/K5YB5RCKWrNbrBnFWKDzOY78vNdVnJaYC3JOFTot7VY gives me "No route registered for '/.well-known/acme-challenge/K5YB5RCKWrNbrBnFWKDzOY78vNdVnJaYC3JOFTot7VY'"
So, lets encrypt looks where for these files - in the scm or in the website?
Thanks.
Evdin
from letsencrypt-siteextension.
The scm site is only accessible to you because you are logged in, so Lets encrypts doesnt look at the SCM site.
https://xyz.azurewebsites.net/.well-known/acme-challenge/K5YB5RCKWrNbrBnFWKDzOY78vNdVnJaYC3JOFTot7VY
from letsencrypt-siteextension.
These were my thoughts also but now what else can be wrong? What else can I do in order to debug and get a certificate? :-)
Thank you.
from letsencrypt-siteextension.
I fixed it :-))))))))))))))))))))))))))))
Unistalled 0.3.7 and re-installed 0.4.2 and worked like a charm... Don't know why... What I know is that right now I have a working SSL certificate for my website.
Thank you for your extension - is great!!!!
from letsencrypt-siteextension.
Related Issues (20)
- Auto renewal job finding 0 certs
- Can not finalize order with status 'valid'
- Upgrade to latest Microsoft.Azure.Management.Websites library not possible
- Staging server throws "Can not find issuer" Error HOT 2
- Error: The Service Plan is using the Shared which doesn't support SSL certificates.
- "Object reference not set to an instance of an object" when trying to install certificate HOT 1
- Server error HOT 1
- Let's Encrypt change on September 30 (DST Root CA X3) HOT 7
- Cannot renew when using Testing-In-Production and running from a slot
- GCC High/Azure Gov Tenants receive AADSTS900382: Confidential Client is not supported in Cross Cloud request HOT 2
- Azure.WebJobs.Host.FunctionInvocationException - Functions.AddCertificate HOT 1
- Authentication from webapp to Geneva fails continuosusly, Appservice restart temporarily fixes the problem but issues reappears after a while.
- Certs are not renewing HOT 14
- Weird client ID HOT 1
- AADSTS900382: Confidential Client is not supported in Cross Cloud request. HOT 3
- Is there any impact for the vulnerability of OpenSSl as Let's Encrypt uses it
- "Browse" button no longer there under Extensions in Azure? HOT 6
- .NET Standard 2.0 support
- Cannot find issuer for certificate HOT 16
- Hitting a duplicate certificate limit HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from letsencrypt-siteextension.