-
Notifications
You must be signed in to change notification settings - Fork 75
Troubleshoot
-
Check that you can successfully browse /.well-known/acme-challenge/ If you can't browse the challenge file, then Let's encrypt's servers can't issue a certificate for you. Not being able to browse it might be caused by using a hosting enviroment that doesn't support the file type used by the challenge file. The standard installation places a web.config in the folder, that allows the iis server to serve the file, but if you are e.g. using Java/PHP/ASP.Net core node.js you might have to do something within your own application to make the file browsable.
-
The challenge file is browsable, but I still don't get any certificates Is DNS working for your site? The challenge file should be accessible via the DNS name you are requesting a SSL certificate for.
The web jobs are only supposed to do something under two circumstances.
- SetupHostNameAndCertificate: The extension was just installed and all app settings are correctly setup, then the web job should setup the hostname and request a cerficate for it. After the first run a file with the run date will be written to blob storage in letsencrypt/firstrun.job - delete this file if you want to run the job again.
- RenewCertificate: The existing certificate is about to expire, the continues running web job will 22 days in advance request and install a new certificate. D:\home\SiteExtensions\letsencrypt\config
If you are running a ghost blog on Azure Web Apps, Let's Encrypt will not be able to browse the challenge file under well-known. To fix that you can add the following redirect rule to the web.config
<rule name="AcmeContent">
<match url=".well-known/acme-challenge/*" />
<action type="Rewrite" url="{REQUEST_URI}"/>
</rule>
<rule name="StaticContent">
<match url="public/*" />
<action type="Rewrite" url="{REQUEST_URI}"/>
</rule>