This was a fun one. I’ve been using Let’s Encrypt for free certificates on a lot of the websites we have hosted in Azure, and the Let’s Encrypt extension is awesome at managing all of that. As part of some transient fault tolerance I also use a couple app settings to cache everything on local storage (in case az storage fails). Well, that cache also breaks Let’s Encrypt renewals. To verify the domain the extension creates a file and then Let’s Encrypt checks for that file. Because I had this caching turned on it kept failing to find the file because the cache had not updated. This is the error you get:
The Lets Encrypt ACME server was probably unable to reach http://hostname.com/.well-known/acme-challenge/BunchOfJibberishLettersandmaybenumbers123 view error report from Lets Encrypt at https://acme-v01.api.letsencrypt.org/acme/authz/MoreJibberishandNumbers123 for more information
The caching options I had turned on were WEBSITE_LOCAL_CACHE_OPTION and WEBSITE_LOCAL_CACHE_SIZEINMB. You can read more about local cache here. Simply removing those app settings (or add an x to the name) and restarting the app fixed the issue.