500-error when installing certificate on subdomain

[Sigve-Fast]

I get the error below when trying to install certificate for the first time on a test-site (http://test.mysite.no).
On the production site (http://www.mysite.no) I had no issues.
The certificates is downloaded, but it looks like it fails on install.

Exception information: Exception type: DefaultErrorResponseException Exception message: Operation returned an invalid status code 'BadRequest' at Microsoft.Azure.Management.WebSites.WebAppsOperations.<BeginCreateOrUpdateWithHttpMessagesAsync>d__338.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Azure.Management.WebSites.WebAppsOperationsExtensions.<BeginCreateOrUpdateAsync>d__667.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Azure.Management.WebSites.WebAppsOperationsExtensions.BeginCreateOrUpdate(IWebAppsOperations operations, String resourceGroupName, String name, Site siteEnvelope) at LetsEncrypt.Azure.Core.SiteSlotExtensions.BeginCreateOrUpdateSiteOrSlot(IWebAppsOperations sites, String resourceGroupName, String webAppName, String siteSlotName, Site s) in D:\a\1\s\LetsEncrypt.SiteExtension.Core\SiteSlotExtensions.cs:line 77 at LetsEncrypt.Azure.Core.Services.WebAppCertificateService.<Install>d__3.MoveNext() in D:\a\1\s\LetsEncrypt.SiteExtension.Core\Services\WebAppCertificateService.cs:line 79 --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at LetsEncrypt.Azure.Core.CertificateManager.<RequestAndInstallInternalAsync>d__17.MoveNext() in D:\a\1\s\LetsEncrypt.SiteExtension.Core\CertificateManager.cs:line 245 --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at LetsEncrypt.SiteExtension.Controllers.HomeController.<Install>d__7.MoveNext() in D:\a\1\s\LetsEncrypt-SiteExtension\Controllers\HomeController.cs:line 225 --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at System.Web.Mvc.Async.TaskAsyncActionDescriptor.EndExecute(IAsyncResult asyncResult) at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass8_0.<BeginInvokeAsynchronousActionMethod>b__1(IAsyncResult asyncResult) at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult1.CallEndDelegate(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase1.End() at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<>c__DisplayClass11_0.<InvokeActionMethodFilterAsynchronouslyRecursive>b__0() at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<>c__DisplayClass11_2.<InvokeActionMethodFilterAsynchronouslyRecursive>b__2() at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass7_0.<BeginInvokeActionMethodWithFilters>b__1(IAsyncResult asyncResult) at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult1.CallEndDelegate(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase1.End() at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass3_6.<BeginInvokeAction>b__4() at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass3_1.<BeginInvokeAction>b__1(IAsyncResult asyncResult) at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult1.CallEndDelegate(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase1.End() at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) at System.Web.Mvc.Controller.<>c.<BeginExecuteCore>b__152_1(IAsyncResult asyncResult, ExecuteCoreState innerState) at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid1.CallEndDelegate(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase1.End() at System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) at System.Web.Mvc.Controller.<>c.<BeginExecute>b__151_2(IAsyncResult asyncResult, Controller controller) at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid1.CallEndDelegate(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase1.End() at System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) at System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.EndExecute(IAsyncResult asyncResult) at System.Web.Mvc.MvcHandler.<>c.<BeginProcessRequest>b__20_1(IAsyncResult asyncResult, ProcessRequestState innerState) at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncVoid1.CallEndDelegate(IAsyncResult asyncResult)
at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase1.End() at System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) at System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) at System.Web.HttpApplication.CallHandlerExecutionStep.InvokeEndHandler(IAsyncResult ar) at System.Web.HttpApplication.CallHandlerExecutionStep.OnAsyncHandlerCompletion(IAsyncResult ar)

[FynnHunt]

I am getting the same error when simply trying to Request and Install certificate on my main site. Did you find a solution to this?

[Sigve-Fast]

No I still experience the issue.

[sjkp]

I will release a new version with more logging. Unfortunately I can't reproduce it on my own sites, so it is something with the environment.

[sjkp]

@Sigve-Fast if you grab 0.9.3, then it will output some additional information to the application log, so if you enable "information" logging under the diagnostics settings for the web app and then have the log stream open as you try to update the certificate, then you should see something similar to (plus a lot of other logging)

2019-02-10T18:17:34  PID[2572] Information 6368541945390147816 - Response: GET https://management.azure.com/subscriptions/3f09c367-93e0-4b61-bbe5-dcb5c686bf8a/resourceGroups/letsencrypt-siteextension/providers/Microsoft.Web/certificates?api-version=2018-02-01, headers x-ms-client-request-id = 9698e6ba-e423-464c-b885-9a827101c15c,accept-language = en-US,User-Agent = FxVersion/4.7.3260.0|OSName/Windows|OSVersion/10.0.14393.0|Microsoft.Azure.Management.WebSites.WebSiteManagementClient/2.0.1
{"value":[{"id":"/subscriptions/3f09c367-93e0-4b61-bbe5-dcb5c686bf8a/resourceGroups/letsencrypt-siteextension/providers/Microsoft.Web/certificates/letsencrypt.ai4bots.com-2A641898414CE3A9AC48DE864EB16BA7BC0F9878","name":"letsencrypt.ai4bots.com-2A641898414CE3A9AC48DE864EB16BA7BC0F9878","type":"Microsoft.Web/certificates","location":"West US","properties":{"friendlyName":"CN=letsencrypt.ai4bots.com","subjectName":"letsencrypt.ai4bots.com,letsencrypt.sjkp.dk","hostNames":["letsencrypt.ai4bots.com"

Except for you it should contain the Bad Request response, when you have that then post it here, and we can probably figure out what the issue is.

[Sigve-Fast]

Well this is embarrassing. Turns out I was using an App service plan on Shared infastructure thus Custom Domains with SSL was not supported. But the error-message made that clear, so thank you very much :)

I'll add the error message from the log here for future reference.

{ "Code":"BadRequest", "Message":"Cannot enable SNI SSL for a hostname 'test.mysite.no' because current site mode does not allow it.", "Target":null, "Details":[ { "Message":"Cannot enable SNI SSL for a hostname 'test.mysite.no' because current site mode does not allow it." }, { "Code":"BadRequest" }, { "ErrorEntity":{ "ExtendedCode":"04039", "MessageTemplate":"Cannot enable SNI SSL for a hostname '{0}' because current site mode does not allow it.", "Parameters":[ "test.timbra.no" ], "Code":"BadRequest", "Message":"Cannot enable SNI SSL for a hostname 'test.mysite.no' because current site mode does not allow it." } } ], "Innererror":null }

[sjkp]

@Sigve-Fast thanks for reporting back - i will add an extra validation step to catch this in the future, I'm sure you are not the only one who have encountered this.

[sjkp]

Added validation in 0.9.5