Cannot update IP SSL Bindings because total number of allowed IP addresses per site will be exceeded. #118

Closed
ChrisHammond opened this Issue Apr 3, 2017 · 5 comments

Comments

Projects
None yet
3 participants
@ChrisHammond

When running on a basic app service, with multiple custom domains for the service, if you try to create additional certs, the process will throw a pretty specific error. I added 2 certificates successfully before I ran into this problem. You can work around it by assigning the certificate via SNI in the Azure Portal.

Server Error in '/letsencrypt' Application.

Cannot update IP SSL Bindings because total number of allowed IP addresses per site will be exceeded.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: Microsoft.Rest.Azure.CloudException: Cannot update IP SSL Bindings because total number of allowed IP addresses per site will be exceeded.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[CloudException: Cannot update IP SSL Bindings because total number of allowed IP addresses per site will be exceeded.]
Microsoft.Azure.Management.WebSites.d__208.MoveNext() +4251
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +92
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
Microsoft.Azure.Management.WebSites.d__407.MoveNext() +319
System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +92
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58
Microsoft.Azure.Management.WebSites.WebAppsOperationsExtensions.BeginCreateOrUpdate(IWebAppsOperations operations, String resourceGroupName, String name, Site siteEnvelope, Nullable1 skipDnsRegistration, Nullable1 skipCustomDomainVerification, Nullable1 forceDnsRegistration, String ttlInSeconds) +70 LetsEncrypt.SiteExtension.SiteSlotExtensions.BeginCreateOrUpdateSiteOrSlot(IWebAppsOperations sites, String resourceGroupName, String webAppName, String siteSlotName, Site s) in C:\projects\letsencrypt-siteextension\LetsEncrypt.SiteExtension.Core\SiteSlotExtensions.cs:77 LetsEncrypt.SiteExtension.Core.Services.CertificateService.Install(ICertificateInstallModel model) in C:\projects\letsencrypt-siteextension\LetsEncrypt.SiteExtension.Core\Services\CertificateService.cs:61 LetsEncrypt.SiteExtension.Core.<RequestAndInstallInternalAsync>d__10.MoveNext() in C:\projects\letsencrypt-siteextension\LetsEncrypt.SiteExtension.Core\CertificateManager.cs:150 System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +92 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58 LetsEncrypt.SiteExtension.Controllers.<Install>d__7.MoveNext() +581 System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) +92 System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) +58 System.Web.Mvc.Async.TaskAsyncActionDescriptor.EndExecute(IAsyncResult asyncResult) +97 System.Web.Mvc.Async.<>c__DisplayClass37.<BeginInvokeAsynchronousActionMethod>b__36(IAsyncResult asyncResult) +17 System.Web.Mvc.Async.WrappedAsyncResult1.CallEndDelegate(IAsyncResult asyncResult) +10
System.Web.Mvc.Async.WrappedAsyncResultBase1.End() +49 System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +32 System.Web.Mvc.Async.AsyncInvocationWithFilters.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3d() +50 System.Web.Mvc.Async.<>c__DisplayClass46.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3f() +225 System.Web.Mvc.Async.<>c__DisplayClass33.<BeginInvokeActionMethodWithFilters>b__32(IAsyncResult asyncResult) +10 System.Web.Mvc.Async.WrappedAsyncResult1.CallEndDelegate(IAsyncResult asyncResult) +10
System.Web.Mvc.Async.WrappedAsyncResultBase1.End() +49 System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) +34 System.Web.Mvc.Async.<>c__DisplayClass2b.<BeginInvokeAction>b__1c() +26 System.Web.Mvc.Async.<>c__DisplayClass21.<BeginInvokeAction>b__1e(IAsyncResult asyncResult) +100 System.Web.Mvc.Async.WrappedAsyncResult1.CallEndDelegate(IAsyncResult asyncResult) +10
System.Web.Mvc.Async.WrappedAsyncResultBase1.End() +49 System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +27 System.Web.Mvc.Controller.<BeginExecuteCore>b__1d(IAsyncResult asyncResult, ExecuteCoreState innerState) +13 System.Web.Mvc.Async.WrappedAsyncVoid1.CallEndDelegate(IAsyncResult asyncResult) +29
System.Web.Mvc.Async.WrappedAsyncResultBase1.End() +49 System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +36 System.Web.Mvc.Controller.<BeginExecute>b__15(IAsyncResult asyncResult, Controller controller) +12 System.Web.Mvc.Async.WrappedAsyncVoid1.CallEndDelegate(IAsyncResult asyncResult) +22
System.Web.Mvc.Async.WrappedAsyncResultBase1.End() +49 System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +26 System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.EndExecute(IAsyncResult asyncResult) +10 System.Web.Mvc.MvcHandler.<BeginProcessRequest>b__5(IAsyncResult asyncResult, ProcessRequestState innerState) +21 System.Web.Mvc.Async.WrappedAsyncVoid1.CallEndDelegate(IAsyncResult asyncResult) +29
System.Web.Mvc.Async.WrappedAsyncResultBase`1.End() +49
System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +28
System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +9
System.Web.CallHandlerExecutionStep.OnAsyncHandlerCompletion(IAsyncResult ar) +129

@sjkp

This comment has been minimized.

Show comment
Hide comment
@sjkp

sjkp Apr 3, 2017

Owner

SNI is the default way to assign certificates, did you by any chance check mark UseIPBasedSSL on the first configuration page by accident?

Owner

sjkp commented Apr 3, 2017

SNI is the default way to assign certificates, did you by any chance check mark UseIPBasedSSL on the first configuration page by accident?

@ChrisHammond

This comment has been minimized.

Show comment
Hide comment
@ChrisHammond

ChrisHammond Apr 3, 2017

Possibly, is there a way to switch back? :D

Possibly, is there a way to switch back? :D

@sjkp

This comment has been minimized.

Show comment
Hide comment
@sjkp

sjkp Apr 3, 2017

Owner

Just remove the web app setting letsencrypt:UseIPBasedSSL

Owner

sjkp commented Apr 3, 2017

Just remove the web app setting letsencrypt:UseIPBasedSSL

@ChrisHammond

This comment has been minimized.

Show comment
Hide comment
@ChrisHammond

ChrisHammond Apr 3, 2017

Perfect thanks! I've made the change, and reran through the process. Everything worked as expected.

Thanks for the quick turnaround!

Perfect thanks! I've made the change, and reran through the process. Everything worked as expected.

Thanks for the quick turnaround!

@Dudleydogg

This comment has been minimized.

Show comment
Hide comment
@Dudleydogg

Dudleydogg Apr 13, 2018

That was my error Also I had the wrong option Checked in the previous configuration Window. Although it did Create / Fetch the certificate just did not assign to the web app.

That was my error Also I had the wrong option Checked in the previous configuration Window. Although it did Create / Fetch the certificate just did not assign to the web app.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment