How to Fix credential validation issue on Azure WebJob renewal of Let’s Encrypt Certificate

May 31, 2017 | Computer Programming | 7 comments

A while back, I posted about setting up SSL encryption for free with Azure and Let’s Encrypt: Let’s Encrypt + Azure = Win!

This has been working smoothly for me since I set it up, but I noticed that errors started popping up in the log recently. Here is part of the stack trace:

Microsoft.Azure.WebJobs.Host.FunctionInvocationException: Microsoft.Azure.WebJobs.Host.FunctionInvocationException: Exception while executing function: Functions.RenewCertificate —> Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: AADSTS70002: Error validating credentials. AADSTS50012: Invalid client secret is provided. Trace ID: 958b11ab-839d-4a8d-97e6-fad1c3df0300 Correlation ID: e3f7c035-8978-4aa2-b01a-5c8fc74661ac Timestamp: 2017-05-31 14:14:26Z —> System.Net.WebException: The remote server returned an error: (401) Unauthorized. at System.Net.HttpWebRequest.GetResponse() at Microsoft.IdentityModel.Clients.ActiveDirectory.HttpWebRequestWrapper.

It turns out that the API Key I had setup for my application registration had expired. I had to create a new key with no expiration and then update my Web Applications’ settings with the new Client secret. The exact steps I took are listed below:

  1. Login to Azure
  2. Navigate to “App Registrations”
  3. Choose the Registration you need to update
  4. Click the “settings” icon (or “All Settings” button)
  5. Choose “Keys” under API Access
  6. Type a description into the new row, choose “Never” under the duration drop down and then hit “Save” above.
  7. Once saved, copy the value (it won’t be visible again if you don’t copy it now)
  8. (Optional) delete your old key
  9. Navigate to the Azure App Service that has the web job that registers your SSL certificate
  10. Choose “Application Settings” from the menu
  11. Scrolling down to where you have a setting titled something like “letsencrypt:ClientSecret” (assuming you did the setup as in the article linked at the top) and paste the value you copied into the second text box
  12. Click “Save” above

Once you’re done, the web job should work the next time it runs. For another explanation with some pictures of the process, check out this blog post here: Let’s Encrypt on Azure Web Apps – Key Expiration Issue.

7 Comments

  2. Jhon
    Jhon on May 7, 2018 at 8:58 pm

    This post save my life 🙂

    Reply
  4. sylvain rodrigue
    sylvain rodrigue on July 30, 2018 at 2:04 am

    I read many posts explaining how to fix this problem, this is the solution I needed. Many thanks!

    Reply
  5. Dave
    Dave on July 31, 2018 at 10:15 pm

    Step 2: Navigate to “App Registrations” – Can you please elaborate on this please? What/where is this?
    Can you maybe update with screenshots please?

    Reply
    • gftrader
      gftrader on August 25, 2018 at 9:46 am

      Sorry for the long delay in my response Dave – I did not see the comment. App Registrations is found by searching all services. I have attached a screenshot of this: App Services Azure Search

      Reply
  6. John
    John on September 3, 2018 at 8:12 am

    Thanks. This helped me a lot… very grateful

    Reply

Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.