The webjob is running succesfully but no certificate downloaded or assigned about letsencrypt-siteextension HOT 24 CLOSED

I have the same problem and it seems like
http://...../.well-known/acme-challenge/... doesn't have an extension so IIS is returning a 404 Not Found

from letsencrypt-siteextension.

I think it's related to this issue #4 Are you using ASP.NET 5 (ASP.NET Core)?

from letsencrypt-siteextension.

I'm using .net framework 4.6, not the new one (core or how it's called now). Nothing very new or experimental.

How can I debug this?

Thanks
Evdin

-----Mesaj original-----
De la: "Yitzchok G" [email protected]
Trimis: ‎03.‎02.‎2016 22:59
Către: "sjkp/letsencrypt-siteextension" [email protected]
Cc: "evdinursan" [email protected]
Subiect: Re: [letsencrypt-siteextension] The webjob is running succesfully butno certificate downloaded or assigned (#18)

I think it's related to this issue #4 Are you using ASP.NET 5 (ASP.NET Core)?
—
Reply to this email directly or view it on GitHub.

from letsencrypt-siteextension.

Try going to {site}.scm.azurewebsites.net/DebugConsole
Find the root of your application and navigate to /.well-known/acme-challenge/

Then try to navigate to a file in that directory from the browser and see if it returns the file

For ASP.NET 5 (which uses .net framework 4.6)

I set
app.UseStaticFiles(new StaticFileOptions { ServeUnknownFileTypes = true });

from letsencrypt-siteextension.

@evdinursan is nothing logged to the webjobs output window?

from letsencrypt-siteextension.

@sjkp nothing in the webjobs output; both "Functions.RenewCertificate" and "Functions.SetupHostNameAndCertificate" run successfully but indeed, no output.

from letsencrypt-siteextension.

@Yitzchok I found that folder and there are a lot of files in it and I took any of that extension-less file and pasted the complete URL into a new browser tab and it's going ok - no 404 - the browser offers me the possibility to download the file - so I guess that is nothing wrong with the server configuration.

from letsencrypt-siteextension.

Did you go through the process of adding the app settings from the site extension or did you add them manually through the azure portal or with ARM?

from letsencrypt-siteextension.

Guess I need to add some more logging. I will drop a new version tonight.

from letsencrypt-siteextension.

I went through the azure portal app settings path. Everything was set accordingly to the previous mentioned tutorial.

from letsencrypt-siteextension.

I'm experiencing this too. It appears that they're no certificates being created. Where does this tool put them? I could try and manually verify their existence. In the Azure portal I don't see any available certificates though.

from letsencrypt-siteextension.

The files are located in D:\home\SiteExtensions\letsencrypt\config\httpsacme-v01.api.letsencrypt.org\

From here they are copied to the app hosting plan (that holds the certificates in Azure).

You did go through all the steps in the site extension interface right, meaning you did do a Request and Install certificate step manually? The web jobs will only automatically install the certificate and renew them if they have been installed once from the site extension or you have used the fully automated ARM template (e.g. had a app setting with letsencrypt:Hostnames)

from letsencrypt-siteextension.

@sjkp yup, I got a Registration and Signer file. I assume the Signer is the private key, based on the contents of Registration. Registration looks like this:

{ "Contacts": [ "mailto:{my-email}" ], "PublicKey": { "e": "{exponent}", "kty": "RSA", "n": "{the-public-key?}", }, "RecoveryKey": null, "RegistrationUri": "https://acme-v01.api.letsencrypt.org/acme/reg/371800", "Links": [ "<https://acme-v01.api.letsencrypt.org/acme/new-authz>;rel=\"next\"", "<https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf>;rel=\"terms-of-service\"" ], "TosLinkUri": "https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf", "AuthorizationsUri": null, "CertificatesUri": null }

For what its worth I followed this guide verbatim up until I was supposed to test https on my site, and that's the first point I ran into issues.

from letsencrypt-siteextension.

These are the files in the folder after a success full installation

02/05/2016  09:53 AM    <DIR>          .
02/05/2016  09:53 AM    <DIR>          ..
02/05/2016  09:53 AM             1,196 ca-009813F47513E5750B43E7431E971E44BD-crt.der
02/05/2016  09:53 AM             1,675 ca-009813F47513E5750B43E7431E971E44BD-crt.pem
02/05/2016  09:53 AM             4,121 <domain>.dk-all.pfx
02/05/2016  09:53 AM             1,282 <domain>.dk-crt.der
02/05/2016  09:53 AM             1,793 <domain>.dk-crt.pem
02/05/2016  09:53 AM               895 <domain>.dk-csr.pem
02/05/2016  09:53 AM                 2 <domain>.dk-gen-csr.json
02/05/2016  09:53 AM             1,754 <domain>.dk-gen-key.json
02/05/2016  09:53 AM             1,675 <domain>.dk-key.pem
02/05/2016  09:53 AM               998 Registration
02/05/2016  09:53 AM             1,679 Signer
              11 File(s)         17,070 bytes
               2 Dir(s)  53,619,695,616 bytes free

from letsencrypt-siteextension.

Okay, that's a good bit different that what I've got. I tried uninstalling/reinstalling the extension from the gallery and that didn't fix it. I'll try from scratch tonight and see what I can get figured out.

EDIT: Tried again to the results. Not sure what to do. Looks like @evdinursan has the same thing going on.

from letsencrypt-siteextension.

@sjkp I don't have those files in that folder - I have only Signer and Registration. That's all.

Thanks.
Evdin

from letsencrypt-siteextension.

Can you browse /.well-known/acme-challenge/

Lets encrypts servers need to be able to browse that URL where the extension places the challenge file after registration to prove that you are in control of the domain. If it can't get the challenge it wont issue you any certificates.

from letsencrypt-siteextension.

Already did that 3 days ago as I mentioned it here and everything works. No 404, no errors, just serving the file as expected.

from letsencrypt-siteextension.

@sjkp: {domain}.scm.azurewebsites.net/.well-known/acme-challenge/ gives me "No route registered for '/.well-known/acme-challenge/'".

from letsencrypt-siteextension.

@sjkp @evdinursan I figured out what's going wrong with the challenges on my end. My application isn't serving the static files and instead routing all web requests to an echo command I setup. I'll report back when I get a new build to fix that.

Edit: Can confirm that serving static files fixes things.

from letsencrypt-siteextension.

Sorry but I really don't get it. We have 2 scenarios right now:

a) https://xyz.azurewebsites.net/.well-known/acme-challenge/K5YB5RCKWrNbrBnFWKDzOY78vNdVnJaYC3JOFTot7VY is served correctly and everything is OK
b) https://xyz.scm.azurewebsites.net/.well-known/acme-challenge/K5YB5RCKWrNbrBnFWKDzOY78vNdVnJaYC3JOFTot7VY gives me "No route registered for '/.well-known/acme-challenge/K5YB5RCKWrNbrBnFWKDzOY78vNdVnJaYC3JOFTot7VY'"

So, lets encrypt looks where for these files - in the scm or in the website?

Thanks.
Evdin

from letsencrypt-siteextension.

The scm site is only accessible to you because you are logged in, so Lets encrypts doesnt look at the SCM site.
https://xyz.azurewebsites.net/.well-known/acme-challenge/K5YB5RCKWrNbrBnFWKDzOY78vNdVnJaYC3JOFTot7VY

from letsencrypt-siteextension.

These were my thoughts also but now what else can be wrong? What else can I do in order to debug and get a certificate? :-)

Thank you.

from letsencrypt-siteextension.

I fixed it :-))))))))))))))))))))))))))))

Unistalled 0.3.7 and re-installed 0.4.2 and worked like a charm... Don't know why... What I know is that right now I have a working SSL certificate for my website.

Thank you for your extension - is great!!!!

from letsencrypt-siteextension.