6

Our web app running on Azure has the Azure Let's Encrypt 0.9.6 extension installed. Launching the extension (https://********-website-stage.scm.azurewebsites.net/letsencrypt/) is no problem and we get to fill the form with the values needed to create a certificate, as in the attached image:

Let's Encrypt certificate registration form

After about 2 minutes the request times out. The error we get is:

502 - Web server received an invalid response while acting as a gateway or proxy server.

There is a problem with the page you are looking for, and it cannot be displayed. When the Web server (while acting as a gateway or proxy) contacted the upstream content server, it received an invalid response from the content server.

The error log says this:

IIS error log

The web app name the error reports about (******-website-stage) exists (it is used for ******-website-stage.azurewebsites.net), but it looks kinda funny with the https-prefix, the tilde character with the number one after (~1), and finally, calling port 80 on https?

We did the exact same configuration and letsencrypt installation in our production environment, and it succeeded without any problems.

The problem seems to occur when our web app tries to contact Let's Encrypt again to supply info about our Azure web app configuration, such as, which host names to register the certificate for.

Any ideas where to look next?

Community
  • 1
GordonLiddy
  • 161
  • 1
  • Wonder if you got it resolved? I am having exactly the same issue. – mike123 Oct 06 '19 at 22:58
  • Nope, unfortunately not. Still having issues with this. – GordonLiddy Oct 07 '19 at 08:23
  • Thank you. Seem like azure wide issue with kudu and Let's Encrypt 0.9.6 extension. Having same issues between different azure subscriptions. – mike123 Oct 08 '19 at 13:34
  • Got the same with 1.0.1 – Eric Herlitz Oct 08 '19 at 22:04
  • There is an error in SCM at the moment, you can check the page `letsencrypt/home/install` if you have the settings in place already and try to continue from there but you will most likely end up in a 502 anyway. There is an open issue on github regarding this https://github.com/sjkp/letsencrypt-siteextension/issues/331 – Eric Herlitz Oct 08 '19 at 22:21
  • See the GitHub link above for workaround (you must login to SCM using BasicAuth using FTP Publish Credentials). – Dave Lucre Oct 10 '19 at 10:25
  • Yes, this problem seems very common, and the discussion continues on the GitHub link. Did what's recommended - changed to basic authentication - but another error occurs: `Server Error in '/letsencrypt' Application. Unable to complete challenge with Lets Encrypt servers error was: Invalid` – GordonLiddy Oct 11 '19 at 13:21

0 Answers0