Azure Let's Encrypt Error

I am trying to connect the Azure Let's Encrypt site extension to one of my Azure sites by following the instructions on this page:

https://gooroo.io/GoorooTHINK/Article/16420/Lets-Encrypt-Azure-Web-Apps-the-Free-and-Easy-Way/20047#.VxUIbKgrKUl

but I get an authorization error on startup. I have no idea where to start to try to solve this problem, and any help would be more than welcome.

The error is as follows:

Microsoft.Rest.Azure.CloudException: client "{id}" with object identifier "{same identifier here ??}" does not have authority to perform the action "Microsoft.Web/sites/read" over scope "/subscription/{identifier subscriptions}/resourceGroups/Default-Web-NorthEurope/providers/Microsoft.Web/sites/enjsitename} '.
   at Microsoft.Azure.Management.WebSites.SitesOperations.d__29.MoveNext()

Update

This was a problem with the principals accessing the web application.

I decided to go through Troy Hunt's walkthrough here: https://www.troyhunt.com/everything-you-need-to-know-about-loading-a-free-lets-encrypt-certificate-into-an-azure-website/

Which is pretty good - it uses the old Azure portal to set up the active directory, which I found a little more useful, as I could really see what was happening.

In any case, I went through the whole process up to the actual certificate request, and now I get a 403 server error:

The remote server returned an error: (403) Forbidden.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Net.WebException: The remote server returned an error: (403) Forbidden.
Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[WebException: The remote server returned an error: (403) Forbidden.]
   System.Net.HttpWebRequest.GetResponse() +1390
   ACMESharp.AcmeClient.RequestHttpPost(Uri uri, Object message) +642
[AcmeWebException: Unexpected error]
   ACMESharp.AcmeClient.AuthorizeIdentifier(String dnsIdentifier) +435
   LetsEncrypt.SiteExtension.Core.CertificateManager.Authorize(Target target) in c:\Projects\LetsEncrypt-SiteExtension\LetsEncrypt-SiteExtension\LetsEncrypt.SiteExtension.Core\CertificateManager.cs:518
   LetsEncrypt.SiteExtension.Core.CertificateManager.Auto(Target binding) in c:\Projects\LetsEncrypt-SiteExtension\LetsEncrypt-SiteExtension\LetsEncrypt.SiteExtension.Core\CertificateManager.cs:441
   LetsEncrypt.SiteExtension.Core.CertificateManager.RequestAndInstallInternal(Target target) in c:\Projects\LetsEncrypt-SiteExtension\LetsEncrypt-SiteExtension\LetsEncrypt.SiteExtension.Core\CertificateManager.cs:244
   LetsEncrypt.SiteExtension.Controllers.HomeController.Install(RequestAndInstallModel model) +604
   lambda_method(Closure , ControllerBase , Object[] ) +104
   System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters) +14
   System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary'2 parameters) +169
   System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary'2 parameters) +27
   System.Web.Mvc.Async.AsyncControllerActionInvoker.<BeginInvokeSynchronousActionMethod>b__39(IAsyncResult asyncResult, ActionInvocation innerInvokeState) +22
   System.Web.Mvc.Async.WrappedAsyncResult'2.CallEndDelegate(IAsyncResult asyncResult) +29
   System.Web.Mvc.Async.WrappedAsyncResultBase'1.End() +49
   System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult) +32
   System.Web.Mvc.Async.AsyncInvocationWithFilters.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3d() +50
   System.Web.Mvc.Async.<>c__DisplayClass46.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3f() +225
   System.Web.Mvc.Async.<>c__DisplayClass33.<BeginInvokeActionMethodWithFilters>b__32(IAsyncResult asyncResult) +10
   System.Web.Mvc.Async.WrappedAsyncResult'1.CallEndDelegate(IAsyncResult asyncResult) +10
   System.Web.Mvc.Async.WrappedAsyncResultBase'1.End() +49
   System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult) +34
   System.Web.Mvc.Async.<>c__DisplayClass2b.<BeginInvokeAction>b__1c() +26
   System.Web.Mvc.Async.<>c__DisplayClass21.<BeginInvokeAction>b__1e(IAsyncResult asyncResult) +100
   System.Web.Mvc.Async.WrappedAsyncResult'1.CallEndDelegate(IAsyncResult asyncResult) +10
   System.Web.Mvc.Async.WrappedAsyncResultBase'1.End() +49
   System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeAction(IAsyncResult asyncResult) +27
   System.Web.Mvc.Controller.<BeginExecuteCore>b__1d(IAsyncResult asyncResult, ExecuteCoreState innerState) +13
   System.Web.Mvc.Async.WrappedAsyncVoid'1.CallEndDelegate(IAsyncResult asyncResult) +29
   System.Web.Mvc.Async.WrappedAsyncResultBase'1.End() +49
   System.Web.Mvc.Controller.EndExecuteCore(IAsyncResult asyncResult) +36
   System.Web.Mvc.Controller.<BeginExecute>b__15(IAsyncResult asyncResult, Controller controller) +12
   System.Web.Mvc.Async.WrappedAsyncVoid'1.CallEndDelegate(IAsyncResult asyncResult) +22
   System.Web.Mvc.Async.WrappedAsyncResultBase'1.End() +49
   System.Web.Mvc.Controller.EndExecute(IAsyncResult asyncResult) +26
   System.Web.Mvc.Controller.System.Web.Mvc.Async.IAsyncController.EndExecute(IAsyncResult asyncResult) +10
   System.Web.Mvc.MvcHandler.<BeginProcessRequest>b__5(IAsyncResult asyncResult, ProcessRequestState innerState) +21
   System.Web.Mvc.Async.WrappedAsyncVoid'1.CallEndDelegate(IAsyncResult asyncResult) +29
   System.Web.Mvc.Async.WrappedAsyncResultBase'1.End() +49
   System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult) +28
   System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result) +9
   System.Web.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +9644037
   System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +155
+7
7 answers

After you add an application registration, you must add it as a role assignment to a resource group with the Member role.

If you forget about it, you will get the error message above.

After that, restart the application service before trying to start the Let's Encrypt extension again.

+10

For me, this problem arose when my ResourceGroup was not the same as my ServicePlanResourceGroup.

So, if they are not equal, you need to add the account you created (the ClientId you created the secret key for) to the ServicePlanResourceGroup in addition to the ResourceGroup.

+4

I ran into the same issue with a new Azure App Service. It turned out that I had to actually deploy the web application before running the Let's Encrypt wizard. When the default Azure App Service landing page is the site's content, the wizard cannot do its job.

+1

I encountered the same exception and took the following steps to resolve it:

  • Go to Azure Portal Subscriptions
  • Select the subscription hosting the application service
  • Select Access Control (IAM)
  • Add New Object
  • Select the Contributor role
  • Search for the service principal
  • Add user

This immediately resolved the insufficient-permissions exception.

Update: When following the instructions (5. Register a service principal), make sure that you are logged in to the correct subscription. In my case, I created the service principal in the wrong subscription, so the principal was not correctly assigned to the application service used.

+1
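The role-assignment answers above can be checked mechanically. The following is an added example, not code from any of the answers or from the site extension: it takes the authorization error and the principal's role assignments and reports which scopes actually grant the denied action. The error text (in the usual Azure Resource Manager wording), GUIDs, resource group names and site name are constructed placeholders, and the role table is a simplification.

```python
import re
# Built-in roles, simplified to their Actions (NotActions are ignored here).
ROLE_ACTIONS = {"Owner": ["*"], "Contributor": ["*"], "Reader": ["*/read"]}

def parse_denial(message):
    """Extract (object id, action, scope) from an ARM authorization error."""
    oid = re.search(r"object id '([0-9a-fA-F-]{36})'", message)
    action = re.search(r"action '([^']+)'", message)
    scope = re.search(r"scope '(/subscriptions/[^']+)'", message)
    if not (oid and action and scope):
        raise ValueError("not an ARM authorization error")
    return oid.group(1).lower(), action.group(1), scope.group(1)

def action_allowed(role, action):
    """True if one of the role's action patterns (with * wildcards) matches."""
    return any(
        re.fullmatch(re.escape(p).replace(r"\*", ".*"), action, re.IGNORECASE)
        for p in ROLE_ACTIONS.get(role, []))

def covers(assignment_scope, target):
    """An assignment applies to its own scope and to everything beneath it."""
    a, t = assignment_scope.rstrip("/").lower(), target.rstrip("/").lower()
    return t == a or t.startswith(a + "/")

def diagnose(message, assignments, extra_scopes=()):
    """Map the denied scope (and extra scopes) to the roles granting the action."""
    oid, action, scope = parse_denial(message)
    return {
        target: [a["roleDefinitionName"] for a in assignments
                 if a["principalId"].lower() == oid
                 and covers(a["scope"], target)
                 and action_allowed(a["roleDefinitionName"], action)]
        for target in (scope, *extra_scopes)
    }

# Constructed sample data: placeholder GUIDs, resource groups and site name.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"
OID = "11111111-1111-1111-1111-111111111111"
SITE = SUB + "/resourceGroups/site-rg/providers/Microsoft.Web/sites/example-site"
PLAN_RG = SUB + "/resourceGroups/plan-rg"
ERROR = (f"The client '{OID}' with object id '{OID}' does not have authorization "
         f"to perform action 'Microsoft.Web/sites/read' over scope '{SITE}'.")
ASSIGNMENTS = [  # same fields as `az role assignment list --all -o json`
    {"principalId": OID, "roleDefinitionName": "Contributor", "scope": PLAN_RG},
    {"principalId": OID.replace("1", "2"), "roleDefinitionName": "Owner", "scope": SUB},
]

if __name__ == "__main__":
    print(diagnose(ERROR, ASSIGNMENTS, [PLAN_RG]))
```

An empty list for a scope means no assignment for that object id grants the action there: in the sample, the principal is covered on the service plan's resource group but not on the site's, and the Owner assignment at subscription level belongs to a different principal. Real input for `assignments` can be taken from `az role assignment list --all --assignee <object id> -o json`.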

This is a problem with access. Please check "5. Register a service principal" in the mentioned article. Is the ApplicationId from that step the same as the ApplicationId you used on the LetsEncrypt page? The same secret? Check this, because it looks like something went wrong with this step.

PS: I just went through this walkthrough without the error you were talking about.

0

I ran into the same problem.

I solved this by not specifying my own domain (for example, lybecker.com) in the Azure Let's Encrypt site extension setup, but using the full lybecker.onmicrosoft.com file.

0

Here is what fixed it for me (I also got the exact same exception as the OP). Follow this guide https://gooroo.io/GoorooTHINK/Article/16420/Lets-Encrypt-Azure-Web-Apps-the-Free-and-Easy-Way/21872#.WWUzBoTythG when it comes to setting up Let's Encrypt. Specify the values in the application settings (instead of manually specifying the values on the form) so that you do not need to check the "update settings" box, and you will take one more step.

Apparently, this exception somehow corresponds to a problem with accessing / saving values to the configuration file.

See if that helps.

0

Source: https://habr.com/ru/post/1247377/

