A while back, I posted about setting up SSL encryption for free with Azure and Let’s Encrypt: Let’s Encrypt + Azure = Win!
This has been working smoothly for me since I set it up, but I noticed that errors started popping up in the log recently. Here is part of the stack trace:
Microsoft.Azure.WebJobs.Host.FunctionInvocationException: Microsoft.Azure.WebJobs.Host.FunctionInvocationException: Exception while executing function: Functions.RenewCertificate —> Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: AADSTS70002: Error validating credentials. AADSTS50012: Invalid client secret is provided. Trace ID: 958b11ab-839d-4a8d-97e6-fad1c3df0300 Correlation ID: e3f7c035-8978-4aa2-b01a-5c8fc74661ac Timestamp: 2017-05-31 14:14:26Z —> System.Net.WebException: The remote server returned an error: (401) Unauthorized. at System.Net.HttpWebRequest.GetResponse() at Microsoft.IdentityModel.Clients.ActiveDirectory.HttpWebRequestWrapper.
It turns out that the API Key I had setup for my application registration had expired. I had to create a new key with no expiration and then update my Web Applications’ settings with the new Client secret. The exact steps I took are listed below:
- Login to Azure
- Navigate to “App Registrations”
- Choose the Registration you need to update
- Click the “settings” icon (or “All Settings” button)
- Choose “Keys” under API Access
- Type a description into the new row, choose “Never” under the duration drop down and then hit “Save” above.
- Once saved, copy the value (it won’t be visible again if you don’t copy it now)
- (Optional) delete your old key
- Navigate to the Azure App Service that has the web job that registers your SSL certificate
- Choose “Application Settings” from the menu
- Scrolling down to where you have a setting titled something like “letsencrypt:ClientSecret” (assuming you did the setup as in the article linked at the top) and paste the value you copied into the second text box
- Click “Save” above
Once you’re done, the web job should work the next time it runs. For another explanation with some pictures of the process, check out this blog post here: Let’s Encrypt on Azure Web Apps – Key Expiration Issue.
Thanks a lot! This saved me!
This post save my life 🙂
Thank you very much! All working again! 🙂
I read many posts explaining how to fix this problem, this is the solution I needed. Many thanks!
Step 2: Navigate to “App Registrations” – Can you please elaborate on this please? What/where is this?
Can you maybe update with screenshots please?
Sorry for the long delay in my response Dave – I did not see the comment. App Registrations is found by searching all services. I have attached a screenshot of this:
Thanks. This helped me a lot… very grateful