Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

502 - Web server received an invalid response while acting as a gateway or proxy server. #331

Closed
modemgeek opened this issue Oct 2, 2019 · 91 comments

Comments

@modemgeek
Copy link

commented Oct 2, 2019

On one particular webapp, we started getting this 502 error when going to the /letsencrypt/
We haven't made any changes to it. I have also tried upgrade to 0.9.6 (from 0.9.5) but same issue happens. Once you are on /letsencrypt and click Next it hangs for a bit and then the 502 error pops up. Any idea of what is causing this behavior or where I can look for errors?

I can also browse to /letsencrypt/Home/Install and select a hostname. When I click the button request and install certificate, I get the same 502 error.

@modemgeek

This comment has been minimized.

Copy link
Author

commented Oct 2, 2019

**Update: it looks like it is happening to our webapps in the south region only

@ncote

This comment has been minimized.

Copy link

commented Oct 2, 2019

Same here. Just noticed it a few minutes ago.

@tdoumas

This comment has been minimized.

Copy link

commented Oct 3, 2019

We have the same problem here. North Europe.
Maybe something changed in Let's Encrypt API.
I have found a related question in ServerFault https://serverfault.com/questions/986517/error-creating-letsencrypt-certificate-from-azure-web-site-extension

No solution for the moment

@sjkp

This comment has been minimized.

Copy link
Owner

commented Oct 3, 2019

Hi guys - i will take a look tonight.

@modemgeek

This comment has been minimized.

Copy link
Author

commented Oct 3, 2019

Thanks. I also wonder if it has anything to do with LE current status

October 3, 2019 01:57 UTC[Investigating] We are investigating user reports for occasional timeouts when accessing the /directory endpoint.

@ak23young

This comment has been minimized.

Copy link

commented Oct 3, 2019

Hey all, just wanted to add in I'm also receiving the 502 error on my webapp hosted in Central US

@sjkp

This comment has been minimized.

Copy link
Owner

commented Oct 3, 2019

Quick update - I won't be able to release a fix tonight. I moving to a new ACME library that supports the LetsEncrypt V2 API - which is kinda required as the old V1 api is being shutdown first of 1. november and the staging environment is already closed (which could be why you see the errors, the extension at least wont work at all right now with staging certs). I will hopefully be able to release it tomorrow, I just have to do some more testing.

@ncote

This comment has been minimized.

Copy link

commented Oct 3, 2019

@sjkp sjkp self-assigned this Oct 3, 2019
@sjkp sjkp added the bug label Oct 3, 2019
@imadsani

This comment has been minimized.

Copy link

commented Oct 7, 2019

Glad we're not the only ones experiencing this issue, had me worried for a minute.

Region: East Asia

@VicSmith

This comment has been minimized.

Copy link

commented Oct 7, 2019

Noting the same problem today in the Central US Azure Region.

@tiltsoftware

This comment has been minimized.

Copy link

commented Oct 7, 2019

Just following up to see if this is close to being resolved?

Thanks so much for your work with this, saved me a lot of time over the last few years.

@sjkp

This comment has been minimized.

Copy link
Owner

commented Oct 7, 2019

You should move to version 1.0.1 then should should be able to renew your certs. If you have any issues please report them.

@sjkp sjkp closed this Oct 7, 2019
@VexedSyd

This comment has been minimized.

Copy link

commented Oct 7, 2019

Good day,
I have updated the extension to latest version (clean install) and I am still getting the 502 error.
I am not sure if this issue is related to v2 API because I am getting the error before requesting the certificate on the Authentication Settings page, as soon as I click on the Next button.

@modemgeek

This comment has been minimized.

Copy link
Author

commented Oct 7, 2019

Same here. Upgraded to 1.0.1. Did a restart. Still getting the 502 error

@VicSmith

This comment has been minimized.

Copy link

commented Oct 7, 2019

Same here. Brand new fresh install of App, then extension. Still getting the same 502 error.

@tiltsoftware

This comment has been minimized.

Copy link

commented Oct 8, 2019

I'm still also seeing the same behavior with 1.0.1 with the 502 error. Thanks for working on this.

I have about 50 domains on a site so in the meantime I am using this tool to manually create the certificates. Much faster than any other manual process I have found so far and it has bought me a few days. Just in case it helps someone else. https://zerossl.com/free-ssl/

@shane-hall

This comment has been minimized.

Copy link

commented Oct 8, 2019

I'm getting the same error in Australia South-East. I tried updating the plug-in as well as removing and replacing. I see an error in the Web Job console that might be related;

The configuration is not properly set for the Microsoft Azure WebJobs Dashboard.
In your Microsoft Azure Website configuration you must set a connection string named AzureWebJobsDashboard by using the following format DefaultEndpointsProtocol=https;AccountName=NAME;AccountKey=KEY pointing to the Microsoft Azure Storage account where the Microsoft Azure WebJobs Runtime logs are stored.

Please visit the article about configuring connection strings for more information on how you can configure connection strings in your Microsoft Azure Website.

@bclevering

This comment has been minimized.

Copy link

commented Oct 8, 2019

The same problem here... The POST to /letsencrypt is failing with a HTTP 502 Bad Gateway response on all websites hosted in West Europe. (i don't have any other)

  • version 1.0.1
@fredrik-annytab

This comment has been minimized.

Copy link

commented Oct 8, 2019

I have the same problem with version 1.0.1. I can click play on the extension but when I try to click on next it takes some minutes and fails with "502 - Web server received an invalid response while acting as a gateway or proxy server."

North Europe

@rutgervanwilligen

This comment has been minimized.

Copy link

commented Oct 8, 2019

Got the same issue today (West-Europe), but it might be unrelated to the Site Extension version. Yesterday, I successfully renewed a certificate using version 0.9.6. Today, in a different app service, I got a 502 both when using version 0.9.6 and after upgrading to 1.0.1.

@DanielHosseini

This comment has been minimized.

Copy link

commented Oct 8, 2019

@sjkp, I'm also facing the same issue with 1.0.1. Performing the post to /letsencrypt gives a 502 bad gateway error. Any update?

@sjkp

This comment has been minimized.

Copy link
Owner

commented Oct 8, 2019

Does anyone have a site that they don't mind me getting access to, so I can see this bad gateway error (because it doesn't happen on my sites, so I'm guessing MS is rolling out a patch to their scale units that breaks stuff, but I need to be on one of the updated scale units to reproduce it). You can write me on mail@sjkp.dk

@sjkp sjkp reopened this Oct 8, 2019
@Jjarrard

This comment has been minimized.

Copy link

commented Oct 8, 2019

Brilliant extension, and has saved me time and money over the years, just wanted to mention I had the same 502 bad gateway, Central US. Thanks for your hard work!

@sjkp

This comment has been minimized.

Copy link
Owner

commented Oct 8, 2019

If you have the settings stored in app settings already you can skip the first next button, by just going to
letsencrypt/home/install
If you dont have the app settings setup, then you need to do that without the help from the extension, until I figure out what is prevent it from allowing next to be clicked on the first page.

@stevet26

This comment has been minimized.

Copy link

commented Oct 8, 2019

Thanks for looking into it and posting a work around. I have added the app setting manually and I can now see the Request and Install Certificate page with my domain in the hostname box.

Sadly, I hit the 502 error again when clicking the "Request and Install Certificate" button.

Let me know if there is anything I can send you to help with this...

@garethrampton

This comment has been minimized.

Copy link

commented Oct 10, 2019

Hi friends (as hanselman would have said it)
Microsoft have a work around. We need to browse the KUDU/SCM site using basic auth not SSO.
Basic Auth is available using https://<yoursite>.scm.azurewebsites.net/basicauth the username + password you need to use are those from the publishing crendential file userName and userPWD

--
when i try this i get the following error while requesting the certificate:

image

Seeing exactly this issue here too

@webmatikbg

This comment has been minimized.

Copy link

commented Oct 10, 2019

The workaround of using basicauth worked for me as well.

Thanks

@sjkp

This comment has been minimized.

Copy link
Owner

commented Oct 10, 2019

@garethrampton @bclevering do you have an app setting configured with letsencrypt:AcmeBaseUri that points to one of the old endpoints? Please use https://acme-v02.api.letsencrypt.org/directory or https://acme-staging-v02.api.letsencrypt.org/directory for the new V2 endpoints. I'm not sure my 1.0.1 patch handles if you had these configure before, and just did and upgrade.

@garethrampton

This comment has been minimized.

Copy link

commented Oct 10, 2019

@sjkp I did have the correct v2 endpoint configure in my app settings, but since removed it - along with the email and hostnames config options too to see if that was impacting things - no change.

Interestingly though - with the same app service plan last night the App Service Acmebot function app was also failing to succeed for the same app, yet this morning it has worked and installed a new certificate.

The app service is in the UK South region, and was newly spun up, so had no pre-existing SSL installed if that makes a difference.

At least now I've got the SSL installed the extension will hopefully now continue to renew with the WebJob.

@bclevering

This comment has been minimized.

Copy link

commented Oct 10, 2019

@garethrampton @bclevering do you have an app setting configured with letsencrypt:AcmeBaseUri that points to one of the old endpoints? Please use https://acme-v02.api.letsencrypt.org/directory or https://acme-staging-v02.api.letsencrypt.org/directory for the new V2 endpoints. I'm not sure my 1.0.1 patch handles if you had these configure before, and just did and upgrade.

@sjkp I did update the appsettings in Azure and also did a manual reset of the web app. But still the same issue appears. :(

@dlucre

This comment has been minimized.

Copy link

commented Oct 10, 2019

Using BasicAuth also worked for me. Once again, Scott comes to the rescue.
If you keep getting prompted for the user/pass when trying basic auth, it might be because you're providing the username in the DOMAIN\$USERNAME format. If so, use $USERNAME only.

@Jjarrard

This comment has been minimized.

Copy link

commented Oct 10, 2019

Possibly a stupid question: I'm just using an app service to host a .net core project, and don't have the options to FTP and never set up a username or password. BasicAuth requires a username and password, is it possible to create a user/pass?, or am I not going to be able to use the work around?

@osvaldolove

This comment has been minimized.

Copy link

commented Oct 10, 2019

@Jjarrard try downloading the Publish Profile from the overview tab. Credentials should be in the file.

@Jjarrard

This comment has been minimized.

Copy link

commented Oct 10, 2019

@osvaldolove brilliant, thanks!

Work around worked, thanks so much guys!

@Marcel0024

This comment has been minimized.

Copy link

commented Oct 10, 2019

Workaround also worked for me!

@Jabe

This comment has been minimized.

Copy link
Contributor

commented Oct 10, 2019

To get the credentials, just open the App Service in the Azure Portal, go to Deployment Center ...

  • (if nothing is set up) choose FTP and find the Dashboard button at the bottom of the blade
  • (if you've set up deployment using Deployment Center before) find the FTP/Credentials button at the top of the blade

You can also use the Resource Explorer to access the API and navigate to config/publishingcredentials.

@davidverriere

This comment has been minimized.

Copy link

commented Oct 10, 2019

Using basicAuth and login with FTP credential withou domain works for me
thanks Scott

@unencode

This comment has been minimized.

Copy link

commented Oct 10, 2019

Same here, works with Basic. Thanks for the workaround!

@jjghali

This comment has been minimized.

Copy link

commented Oct 10, 2019

@shanselman you are a lifesaver 💃

@valentim89

This comment has been minimized.

Copy link

commented Oct 11, 2019

Hi Guys,

I am having the same trouble.
When I am attempting the "basicauth" workaround after entering my credentials I get "error 403 - This web app is stopped"

But it is not!
Can you guys advise?

Thanks for all the effort

EDIT: It seems I was using the wrong Creds. So bypass this. However:

scm

Any ideas?

NEW EDIT:

I should really learn to read before I post, I needed to update the plugin!
I can confirm the basicauth also works for me!

Thanks a lot guys

@perkarlssonpayex

This comment has been minimized.

Copy link

commented Oct 11, 2019

I'm the one who posted the question on Serverfault as mentioned by @tdoumas.

Changed to basicauth which got me a little bit further, but now I'm stuck with the exact same problem as @bclevering:

image

Also added the letsencrypt:AcmeBaseUri application setting, but it did not make any difference.

Thankful for help!

@seriousfish

This comment has been minimized.

Copy link

commented Oct 11, 2019

Basic Auth also worked for me, but the Webjob never gets created? Any instructions to create that manually with the settings I need?

@ahmelsayed

This comment has been minimized.

Copy link

commented Oct 11, 2019

Quick update from Azure side; a fix started rolling out yesterday, we're tracking updating some US regions today and finishing the upgrade globally by next week.

@sjkp

This comment has been minimized.

Copy link
Owner

commented Oct 13, 2019

Please update to 1.0.4 to get proper error reporting. And then make new issues, unless it is related to this one, if you still have errors.

@sjkp sjkp closed this Oct 13, 2019
@robertmclaws

This comment has been minimized.

Copy link

commented Oct 14, 2019

I'm still getting the same error with 1.0.4, even after totally uninstalling and reinstalling the extension. The only luck I had was with the /basicauth workaround. I have a couple other sites to set up, but I'll hold off for a couple days till the rest of the rollout happens.

@m4nthys

This comment has been minimized.

Copy link

commented Oct 14, 2019

Please update to 1.0.4 to get proper error reporting. And then make new issues, unless it is related to this one, if you still have errors.

I still have the same error with 1.1.4. =/
domain: icollect.com.br

@sjkp

This comment has been minimized.

Copy link
Owner

commented Oct 14, 2019

1.0.4 doesn't fix the 502 problem that Microsoft introduced, you still have to use basic auth, until their fix is rolled out. I can't fix the app service infrastructure ;)

@alfkla

This comment has been minimized.

Copy link

commented Oct 14, 2019

Hi, thanks for wonderfull extension, I use it a lot! I have updated it to 1.0.4 on one webapp today and tried to run it, but it still fails. Then I tried the login at https://.scm.azurewebsites.net/basicauth (with credentials from the publish profile) and got into the Kudu environment page. But what's next, if I try to continue using https://.scm.azurewebsites.net/letsencrypt/home/install (writing this url in the address field in my webbrowser) I only end up with this error:

Server Error in '/letsencrypt' Application.
'authority' Uri should have at least one segment in the path (i.e. https:////...)
Parameter name: authority
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

smsapi_error

Any ideas of what I am doing wrong?

Kind regards, Alf

@shanselman

This comment has been minimized.

Copy link

commented Oct 14, 2019

@RobDeVoer

This comment has been minimized.

Copy link

commented Oct 14, 2019

Big thanks @sjkp and @shanselman for your efforts to get this resolved. Really appreciated.

@sjkp

This comment has been minimized.

Copy link
Owner

commented Oct 15, 2019

@alfkla please start at https://<your-site>.scm.azurewebsites.net/letsencrypt/ unless you have already configured the site before.
And use basicauth as you did, until we have a confirmation that the patch is applied globally.

@shanselman

This comment has been minimized.

Copy link

commented Oct 16, 2019

This should be patched everywhere now.

@kilasuit

This comment has been minimized.

Copy link

commented Oct 17, 2019

This should be patched everywhere now.

I can confirm this now looks to be working as expected as I have managed to get a new Certificate where I was unable to previously

@alfkla

This comment has been minimized.

Copy link

commented Oct 17, 2019

Thanks a lot @sjkp and @shanselman - now it works fine!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
You can’t perform that action at this time.