Skip to content

Troubleshoot

Simon J.K. Pedersen edited this page Jan 1, 2019 · 10 revisions

Troubleshoot

No certificates gets installed

  • Check that you can successfully browse /.well-known/acme-challenge/ If you can't browse the challenge file, then Let's encrypt's servers can't issue a certificate for you. Not being able to browse it might be caused by using a hosting enviroment that doesn't support the file type used by the challenge file. The standard installation places a web.config in the folder, that allows the iis server to serve the file, but if you are e.g. using Java/PHP/ASP.Net core node.js you might have to do something within your own application to make the file browsable.

  • The challenge file is browsable, but I still don't get any certificates Is DNS working for your site? The challenge file should be accessible via the DNS name you are requesting a SSL certificate for.

  • If certificate is generated but fails to install with a "Cannot use SNI SSL with this plan" error, check that the Web App is scaled up to an App Service Plan that supports SNI SSL (at least B1)

The web jobs does nothing

The web jobs are only supposed to do something under two circumstances.

  • SetupHostNameAndCertificate: The extension was just installed and all app settings are correctly setup, then the web job should setup the hostname and request a cerficate for it. After the first run a file with the run date will be written to blob storage in letsencrypt/firstrun.job - delete this file if you want to run the job again.
  • RenewCertificate: The existing certificate is about to expire, the continues running web job will 22 days in advance request and install a new certificate. D:\home\SiteExtensions\letsencrypt\config

Using the Site Extensions with Ghost Blog

If you are running a ghost blog on Azure Web Apps, Let's Encrypt will not be able to browse the challenge file under well-known. To fix that you can add the following redirect rule to the web.config

<rule name="AcmeContent">
     <match url=".well-known/acme-challenge/*" />
     <action type="Rewrite" url="{REQUEST_URI}"/>
</rule>
<rule name="StaticContent">
     <match url="public/*" />
     <action type="Rewrite" url="{REQUEST_URI}"/>
 </rule>

Lets Encrypts Servers doesn't answer

https://letsencrypt.status.io/