This was a fun one. I’ve been using Let’s Encrypt for free certificates on a lot of the websites we have hosted in Azure, and the Let’s Encrypt extension is awesome at managing all of that. As part of some transient fault tolerance I also use a couple of app settings to cache everything on local storage (in case Azure Storage fails). Well, that cache also breaks Let’s Encrypt renewals. To verify the domain, the extension creates a file and then Let’s Encrypt checks for that file. Because I had this caching turned on, the check kept failing to find the file, since the cache had not updated. This is the error you get:
The Lets Encrypt ACME server was probably unable to reach http://hostname.com/.well-known/acme-challenge/BunchOfJibberishLettersandmaybenumbers123 view error report from Lets Encrypt at https://acme-v01.api.letsencrypt.org/acme/authz/MoreJibberishandNumbers123 for more information
The caching options I had turned on were WEBSITE_LOCAL_CACHE_OPTION and WEBSITE_LOCAL_CACHE_SIZEINMB. You can read more about local cache here. Simply removing those app settings (or adding an x to the name) and restarting the app fixed the issue.
Thanks – this had me stumped!
But what if I don’t want to turn off the local cache? Do you have any idea how to go about letting Let’s Encrypt auto-renew with the local cache active?
It works with local cache now, and for automation you need to add letsencrypt:Hostnames to your app settings.
For local cache:
letsencrypt:AuthorizationChallengeBlobStorageAccount
letsencrypt:AuthorizationChallengeBlobStorageContainer
https://github.com/sjkp/letsencrypt-siteextension#fully-automated-installation
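A pre-renewal check that encodes the failure described in the post (local cache hiding the HTTP-01 challenge file) and the workaround from the reply above (the letsencrypt:AuthorizationChallengeBlobStorage* settings). This is an added example, not code from the post or from the site extension; it assumes local cache is enabled by WEBSITE_LOCAL_CACHE_OPTION=Always and that the hostname and token values are supplied by the caller.

```python
"""Pre-renewal check for the Let's Encrypt site extension on Azure App Service.

With local cache on, the HTTP-01 challenge file the extension writes to local
disk is not served until the cache refreshes, so the ACME server gets a 404.
"""
import urllib.request
from typing import Callable, List, Mapping, Optional

# App settings named in the post and in the reply above.
LOCAL_CACHE_OPTION = "WEBSITE_LOCAL_CACHE_OPTION"
LOCAL_CACHE_SIZE = "WEBSITE_LOCAL_CACHE_SIZEINMB"
BLOB_ACCOUNT = "letsencrypt:AuthorizationChallengeBlobStorageAccount"
BLOB_CONTAINER = "letsencrypt:AuthorizationChallengeBlobStorageContainer"


def local_cache_enabled(settings: Mapping[str, str]) -> bool:
    # Assumed: Azure turns local cache on when this setting is "Always".
    return settings.get(LOCAL_CACHE_OPTION, "").strip().lower() == "always"


def renewal_findings(settings: Mapping[str, str]) -> List[str]:
    """Return problems that would make an HTTP-01 renewal fail (empty = OK)."""
    findings = []
    if local_cache_enabled(settings):
        missing = [k for k in (BLOB_ACCOUNT, BLOB_CONTAINER) if not settings.get(k)]
        if missing:
            findings.append(
                "local cache is on but challenge files go to local disk; remove "
                "%s/%s or set %s" % (LOCAL_CACHE_OPTION, LOCAL_CACHE_SIZE, ", ".join(missing))
            )
    return findings


def _http_get(url: str, timeout: float = 10) -> str:
    # Plain HTTP on purpose: the ACME HTTP-01 check itself uses port 80.
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", "replace")


def challenge_served(hostname: str, token: str, expected: str,
                     fetch: Optional[Callable[[str], str]] = None) -> bool:
    """True if /.well-known/acme-challenge/<token> returns the expected body.

    `fetch` lets a caller substitute a canned response (used for offline tests);
    any URLError/HTTPError (both OSError subclasses) counts as "not served".
    """
    url = "http://%s/.well-known/acme-challenge/%s" % (hostname, token)
    try:
        body = (fetch or _http_get)(url)
    except OSError:
        return False
    return body.strip() == expected.strip()
```

Run `renewal_findings` against the output of the app's settings before triggering a renewal, and `challenge_served` against a test token once the extension has written it; a False from the second call is exactly the "unable to reach" error quoted in the post.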