Comments (19)
@shibayan, now I understand. Thanks for help
from appservice-acmebot.
That was it, I delegated domain and your function worked as a charm. Thank you!
from appservice-acmebot.
@jakubzloczewski There was a bug in the error log output, so I fixed it. Please restart Azure Functions from Portal and try again.
from appservice-acmebot.
Great, now in log I see Azure DNS zone "mydomain.com" is not found
but I have let's say 'mydomian.com' assigned to site.
Does it mean that I need something called "Azure DNS"?
from appservice-acmebot.
Yes. If you use a wildcard certificate, it needs the Azure DNS zone `mydomain.com`.
https://docs.microsoft.com/en-us/azure/dns/dns-getstarted-portal
from appservice-acmebot.
But without wildcard will it work or not? How to determine if function will register wildcard cert or not-wildcard cert?
from appservice-acmebot.
If you are targeting Linux App Service (including Web App for Containers) or wildcard certificate, you need Azure DNS. For Windows App Service, Azure DNS should not be needed.
https://github.com/shibayan/azure-appservice-letsencrypt/blob/master/AzureAppService.LetsEncrypt/AddCertificate.cs#L45
from appservice-acmebot.
Hey @shibayan I encounter the same issue as @jakubzloczewski. I have Web App for Linux Containers. After reading the answer above, I set up a DNS Zone for my App. Now I am getting another error:
"Orchestrator function 'AddCertificate' failed: The activity function 'AnswerChallenges' failed: "Operation is not valid due to the current state of the object.". See the function execution logs for additional details."
Kindly please for some hint.
from appservice-acmebot.
@RosiV Please check the `AnswerChallenges` monitor logs. Although it seems that the Azure DNS setting has no problem, it is necessary to know the cause of the error.
from appservice-acmebot.
```
type: "dns-01",
status: "invalid",
error: {
  type: "urn:ietf:params:acme:error:dns",
  detail: "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.mydomain.com",
  status: 400
},
url: "https://acme-v02.api.letsencrypt.org/acme/challenge//8536221294",
token: "DS1-Lb3d_Xb0k5ZL....."
```
from appservice-acmebot.
@RosiV The version you are using may not be up-to-date. If you deployed using Deploy to Azure Button, please execute Restart from Azure Portal. So the latest version will be deployed.
from appservice-acmebot.
I'm sorry, I misunderstood. Your version is latest.
from appservice-acmebot.
No problem. So it looks to me like the TXT entry in the DNS Zone is invalid. Do I have to update it manually?
from appservice-acmebot.
Is the `_acme-challenge` TXT record created automatically in Azure DNS as in the image?
It is not necessary to create a TXT record manually.
from appservice-acmebot.
If you created Azure DNS and set up Name Server a while ago, it may not be reflected in the DNS used by Let's Encrypt.
In that case I think that it will work on retry after waiting for several hours.
from appservice-acmebot.
I have just re-created DNS Zone, just to be sure I did not mess up something. Initially Azure created only those entries:
Then I added an `A` record set and put `www` as a value:
I checked DNS resolution with `ns-lookup` and it looks ok.
Then I ran the `AddCertificate_HttpStart` function, and a new record entry has been added:
from appservice-acmebot.
Your settings and actions are correct, I think that there is a cache in the DNS used by Let's Encrypt. Please try again later.
from appservice-acmebot.
Hi @shibayan, thank you for your efforts to help resolve my issue. Today I am getting a different error, not sure if that is progress or not:
```
CheckIsReady Invalid order status is invalid
https://acme-v02.api.letsencrypt.org/acme/order/44313992/134282230
```
Maybe a stupid question, but do I have to set up anything on the Let's Encrypt side before starting?
from appservice-acmebot.
Your domain does not seem to be delegated to Azure DNS. Please change name server to Azure DNS from the domain registrar management portal.
https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns#delegate-the-domain
https://edi.wang/post/2017/6/2/migrate-domain-dns-to-azure
After setting, please confirm with the command on the following page whether it is correctly delegated.
Once this work is done, the certificate will be issued successfully.
from appservice-acmebot.
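The delegation problem diagnosed in this thread, as an added example that is not part of the original comments or of the project's code: an offline triage of a failed `dns-01` challenge object against two NS sets. The challenge is modelled on the log quoted above; the name-server values are constructed, and in practice the public set would come from an NS lookup (for example `nslookup -type=NS mydomain.com`) and the zone set from the Azure DNS zone overview.

```python
# Added example: offline triage of a failed dns-01 challenge. All inputs are constructed.
AZURE_SUFFIXES = (".azure-dns.com", ".azure-dns.net", ".azure-dns.org", ".azure-dns.info")

def _norm(hosts):
    """Lower-case name servers and drop the trailing root dot so sets compare cleanly."""
    return {h.strip().lower().rstrip(".") for h in hosts if h.strip()}

def delegation_status(public_ns, zone_ns):
    """Compare the NS set public DNS returns with the NS set Azure assigned to the zone."""
    public, zone = _norm(public_ns), _norm(zone_ns)
    if not public or not zone:
        return "unknown"
    if public == zone:
        return "delegated"
    if public & zone:
        return "partial"            # registrar lists only some of the zone's servers
    if any(h.endswith(AZURE_SUFFIXES) for h in public):
        return "wrong-azure-zone"   # Azure DNS servers, but not the ones assigned to this zone
    return "not-delegated"

def diagnose(challenge, public_ns, zone_ns):
    """Explain an invalid dns-01 challenge in terms of NS delegation."""
    err = challenge.get("error") or {}
    if challenge.get("type") != "dns-01" or challenge.get("status") != "invalid":
        return "no dns-01 failure to triage"
    if err.get("type") != "urn:ietf:params:acme:error:dns":
        return "dns-01 failed for a non-DNS reason: " + err.get("type", "unknown")
    state = delegation_status(public_ns, zone_ns)
    if state == "delegated":
        return "delegation ok: likely resolver caching, retry later"
    return f"delegation {state}: TXT record in the Azure zone is not publicly visible"

# Constructed sample data (challenge fields copied from the shape of the log in the thread).
SAMPLE_CHALLENGE = {
    "type": "dns-01", "status": "invalid",
    "error": {"type": "urn:ietf:params:acme:error:dns",
              "detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.mydomain.com",
              "status": 400},
}
ZONE_NS = ["ns1-01.azure-dns.com.", "ns2-01.azure-dns.net.",
           "ns3-01.azure-dns.org.", "ns4-01.azure-dns.info."]
REGISTRAR_NS = ["ns1.registrar.example.", "ns2.registrar.example."]  # hypothetical registrar

if __name__ == "__main__":
    print(diagnose(SAMPLE_CHALLENGE, REGISTRAR_NS, ZONE_NS))
    print(diagnose(SAMPLE_CHALLENGE, ZONE_NS, ZONE_NS))
```

The `wrong-azure-zone` result covers the case where the registrar points at Azure DNS name servers that differ from the set shown on the current zone, so the two sets should be compared name by name rather than by suffix.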