[Error] Azure DNS zone "System.String[]" is not found about appservice-acmebot HOT 19 CLOSED

@shibayan, now I understand. Thanks for help

from appservice-acmebot.

That was it, I delegated domain and your function worked as a charm. Thank you!

from appservice-acmebot.

@jakubzloczewski There was a bug in the error log output, so I fixed it. Please restart Azure Functions from Portal and try again.

from appservice-acmebot.

Great, now in log I see Azure DNS zone "mydomain.com" is not found but I have let's say 'mydomian.com' assigned to site.
Does it means that I need something called "Azure DNS" ?

from appservice-acmebot.

Yes. If you use wildcard certificate, needs Azure DNS zone mydomain.com.
https://docs.microsoft.com/en-us/azure/dns/dns-getstarted-portal

from appservice-acmebot.

But without wildcard will it work or not? How to determine if function will register wildcard cert or not-wildcard cert?

from appservice-acmebot.

If you are targeting Linux App Service (including Web App for Containers) or wildcard certificate, you need Azure DNS. For Windows App Service, Azure DNS should not be needed.
https://github.com/shibayan/azure-appservice-letsencrypt/blob/master/AzureAppService.LetsEncrypt/AddCertificate.cs#L45

from appservice-acmebot.

Hey @shibayan I encounter the same issue as @jakubzloczewski. I have Web App for Linux Containers. After reading answer above, I setup DNS Zone for my App. Now I am getting another errror:

"Orchestrator function 'AddCertificate' failed: The activity function 'AnswerChallenges' failed: "Operation is not valid due to the current state of the object.". See the function execution logs for additional details."

Kindly please for some hint.

from appservice-acmebot.

@RosiV Please check AnswerChallenges monitor logs. Although it seems that the Azure DNS setting has no problem, it is necessary to know the cause of the error.

from appservice-acmebot.

type: "dns-01",
status: "invalid",
error: {
type: "urn:ietf:params:acme:error:dns",
detail: "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.mydomain.com",
status: 400
},
url: "https://acme-v02.api.letsencrypt.org/acme/challenge//8536221294",
token: "DS1-Lb3d_Xb0k5ZL....."

from appservice-acmebot.

@RosiV The version you are using may not be up-to-date. If you deployed using Deploy to Azure Button, please execute Restart from Azure Portal. So the latest version will be deployed.

from appservice-acmebot.

I'm sorry, I misunderstood. Your version is latest.

from appservice-acmebot.

No problem. So it looks for me like the TXT entry in DNS Zone is invalid. Do I have to update it manually?

from appservice-acmebot.

Is _acme-challenge TXT record created automatically in Azure DNS as in the image?

It is not necessary to create a TXT record manually.

from appservice-acmebot.

If you created Azure DNS and set up Name Server a while ago, it may not be reflected in the DNS used by Let's Encrypt.
In that case I think that it will work on retry waiting for several hours.

from appservice-acmebot.

I have just re-created DNS Zone, just to be sure I did not mess up something. Initially Azure created only those entries:

Then I added A record set and put www as a value:

I checked DNS resolution by ns-lookup and it looks ok.

Then I run AddCertificate_HttpStart function, a new record entry has been added:

from appservice-acmebot.

Your settings and actions are correct, I think that there is a cache in the DNS used by Let's Encrypt. Please try again later.

from appservice-acmebot.

Hi @shibayan, thank you for your efforts to help resolve my issue. Today I am getting a different error: `` not sure if that is a progress or not:

CheckIsReady Invalid order status is invalid

https://acme-v02.api.letsencrypt.org/acme/order/44313992/134282230

Maybe a stupid question, but do I have to setup anything on Let's Encrypt side before starting?

from appservice-acmebot.

Your domain does not seem to be delegated to Azure DNS. Please change name server to Azure DNS from the domain registrar management portal.

https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns#delegate-the-domain
https://edi.wang/post/2017/6/2/migrate-domain-dns-to-azure

After setting, please confirm with the command of the following page whether it is correctly delegated.

https://docs.microsoft.com/en-us/azure/dns/dns-delegate-domain-azure-dns#verify-that-the-delegation-is-working

Once this work is done, the certificate will be issued successfully.

from appservice-acmebot.