Fix "The provided client secret keys are expired" in Azure Let's Encrypt

 The provided client secret keys are expired

This error happens because the client secret of the app registration (the identity the Let's Encrypt site extension uses to access the web app in Azure) has expired.

  1. Find the app in App registrations: log in to the Azure portal and navigate to Azure AD > App registrations.
  2. Search for the app by name or ID (the Let's Encrypt ClientId).
  3. Select the app registration and navigate to Certificates & secrets.
  4. Create a new client secret, set the expiration to never expire, and leave the description blank.
  5. Copy the generated secret. Don't lose it, because you can't view it again.

Now you need to replace the existing letsencrypt:ClientSecret value in your App Service configuration with the new one. You can do this manually in the portal or with the following PowerShell script (Az module, with an active Connect-AzAccount session).

$rg = Read-Host "Resource group name"
$sec = Read-Host -AsSecureString "New secret"
# App settings are stored as plain strings, so unwrap the SecureString here;
# storing the SecureString object itself would write "System.Security.SecureString"
$secret = [System.Net.NetworkCredential]::new("", $sec).Password
$apps = Get-AzWebApp -ResourceGroupName $rg
foreach ($appname in $apps.Name) {
    $app = Get-AzWebApp -ResourceGroupName $rg -Name $appname -ErrorAction Stop
    $newAppSettings = @{}
    $app.SiteConfig.AppSettings | ForEach-Object { $newAppSettings[$_.Name] = $_.Value } # Preserve existing app settings (Set-AzWebApp replaces the whole set)
    if (-not $newAppSettings.ContainsKey("letsencrypt:ClientSecret")) { continue }  # Skip apps that don't use the extension
    $newAppSettings["letsencrypt:ClientSecret"] = $secret # Update the new secret
    $app = Set-AzWebApp -AppSettings $newAppSettings -ResourceGroupName $rg -Name $app.Name -ErrorAction Stop
}
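Because the error only surfaces once renewal has already failed, it helps to know in advance how long the secret behind each web app's Let's Encrypt configuration has left. The script below is an added example and not part of the original post; it assumes the Az module with an active Connect-AzAccount session, that the extension stores its app registration ID in the letsencrypt:ClientId app setting, and that Get-AzADAppCredential returns credentials with EndDateTime and KeyId properties (Az.Resources 5.x or later).

```powershell
# Added example: report days remaining on the client secret used by each web app's
# Let's Encrypt configuration in a resource group. Assumes Az.Websites and
# Az.Resources (5.x+, credentials expose EndDateTime/KeyId) and a signed-in session.
param(
    [Parameter(Mandatory)] [string] $ResourceGroupName,
    [int] $WarnDays = 30
)

$apps = Get-AzWebApp -ResourceGroupName $ResourceGroupName
foreach ($app in $apps) {
    # SiteConfig is only fully populated when the app is fetched by name
    $site = Get-AzWebApp -ResourceGroupName $ResourceGroupName -Name $app.Name
    $settings = @{}
    $site.SiteConfig.AppSettings | ForEach-Object { $settings[$_.Name] = $_.Value }

    if (-not $settings.ContainsKey("letsencrypt:ClientId")) {
        continue   # this app does not use the Let's Encrypt extension
    }
    $clientId = $settings["letsencrypt:ClientId"]

    # All credentials on the app registration, latest expiry first
    $creds = Get-AzADAppCredential -ApplicationId $clientId |
             Sort-Object EndDateTime -Descending
    if (-not $creds) {
        Write-Warning "$($app.Name): app registration $clientId has no credentials"
        continue
    }
    $latest   = $creds[0]
    $daysLeft = [math]::Floor(($latest.EndDateTime - (Get-Date).ToUniversalTime()).TotalDays)

    $status = if ($daysLeft -lt 0)            { "EXPIRED" }
              elseif ($daysLeft -le $WarnDays) { "EXPIRING" }
              else                             { "OK" }

    [pscustomobject]@{
        WebApp        = $app.Name
        ClientId      = $clientId
        SecretKeyId   = $latest.KeyId
        ExpiresUtc    = $latest.EndDateTime
        DaysRemaining = $daysLeft
        Status        = $status
    }
}
```

Run it on a schedule and act on any row whose Status is EXPIRING before the extension's next renewal attempt; the report only reads configuration and never prints secret values.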
