Cannot complete CLI install in Azure because of certificate problems
Hi all,
First, I am a systems guy. I am not a developer. So, I may be WAY off base here. Please bear with me!
I have set up an Azure App Service running Windows with .NET8 (version 8.0.205). I then get into the .NET/Umbraco portion. The following commands work as expected:
dotnet new install Umbraco.Templates
dotnet new umbraco --name TestProject
cd TestProject
However, the run command fails:
C:\home\site\wwwroot\TestProject>dotnet run
Building...
[17:10:06 INF] Acquiring MainDom.
[17:10:06 INF] Acquired MainDom.
[17:10:10 INF] Starting recurring background jobs hosted services
[17:10:10 INF] Starting background hosted service for HealthCheckNotifierJob
[17:10:10 INF] Starting background hosted service for KeepAliveJob
[17:10:10 INF] Starting background hosted service for LogScrubberJob
[17:10:10 INF] Starting background hosted service for ContentVersionCleanupJob
[17:10:10 INF] Starting background hosted service for ScheduledPublishingJob
[17:10:10 INF] Starting background hosted service for TempFileCleanupJob
[17:10:10 INF] Starting background hosted service for InstructionProcessJob
[17:10:10 INF] Starting background hosted service for TouchServerJob
[17:10:10 INF] Starting background hosted service for WebhookFiring
[17:10:10 INF] Starting background hosted service for WebhookLoggingCleanup
[17:10:10 INF] Starting background hosted service for ReportSiteJob
[17:10:10 INF] Completed starting recurring background jobs hosted services
Unhandled exception.[17:10:10 ERR] Hosting failed to start
System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.
at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, Action`1 configureOptions)
at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions)
at Microsoft.AspNetCore.Server.Kestrel.Core.HttpsConfigurationService.UseHttpsWithDefaultsWorker(ListenOptions listenOptions)
at Microsoft.AspNetCore.Server.Kestrel.Core.HttpsConfigurationService.UseHttpsWithDefaults(ListenOptions listenOptions)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context, CancellationToken cancellationToken)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(ListenOptions[] listenOptions, AddressBindContext context, Func`2 useHttps, CancellationToken cancellationToken)
at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.BindAsync(CancellationToken cancellationToken)
at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
at Microsoft.AspNetCore.Hosting.GenericWebHostService.StartAsync(CancellationToken cancellationToken)
at Microsoft.Extensions.Hosting.Internal.Host.<StartAsync>b__15_1(IHostedService service, CancellationToken token)
at Microsoft.Extensions.Hosting.Internal.Host.ForeachService[T](IEnumerable`1 services, CancellationToken token, Boolean concurrent, Boolean abortOnFirstException, List`1 exceptions, Func`3 operation)
[17:10:10 ERR] BackgroundService failed
System.OperationCanceledException: The operation was canceled.
at System.Threading.CancellationToken.ThrowOperationCanceledException()
at System.Threading.SemaphoreSlim.WaitUntilCountOrTimeoutAsync(TaskNode asyncWaiter, Int32 millisecondsTimeout, CancellationToken cancellationToken)
at Umbraco.Cms.Infrastructure.HostedServices.BackgroundTaskQueue.DequeueAsync(CancellationToken cancellationToken)
at Umbraco.Cms.Infrastructure.HostedServices.QueuedHostedService.BackgroundProcessing(CancellationToken stoppingToken)
at Umbraco.Cms.Infrastructure.HostedServices.QueuedHostedService.ExecuteAsync(CancellationToken stoppingToken)
at Microsoft.Extensions.Hosting.Internal.Host.TryExecuteBackgroundServiceAsync(BackgroundService backgroundService)
[17:10:10 FTL] The HostOptions.BackgroundServiceExceptionBehavior is configured to StopHost. A BackgroundService has thrown an unhandled exception, and the IHost instance is stopping. To avoid this behavior, configure this to Ignore; however the BackgroundService will not be restarted.
System.OperationCanceledException: The operation was canceled.
at System.Threading.CancellationToken.ThrowOperationCanceledException()
at System.Threading.SemaphoreSlim.WaitUntilCountOrTimeoutAsync(TaskNode asyncWaiter, Int32 millisecondsTimeout, CancellationToken cancellationToken)
at Umbraco.Cms.Infrastructure.HostedServices.BackgroundTaskQueue.DequeueAsync(CancellationToken cancellationToken)
at Umbraco.Cms.Infrastructure.HostedServices.QueuedHostedService.BackgroundProcessing(CancellationToken stoppingToken)
at Umbraco.Cms.Infrastructure.HostedServices.QueuedHostedService.ExecuteAsync(CancellationToken stoppingToken)
at Microsoft.Extensions.Hosting.Internal.Host.TryExecuteBackgroundServiceAsync(BackgroundService backgroundService)
[17:10:10 INF] Application is shutting down...
[17:10:10 INF] Stopping (environment)
System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.
at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, Action`1 configureOptions)
at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions)
at Microsoft.AspNetCore.Server.Kestrel.Core.HttpsConfigurationService.UseHttpsWithDefaultsWorker(ListenOptions listenOptions)
at Microsoft.AspNetCore.Server.Kestrel.Core.HttpsConfigurationService.UseHttpsWithDefaults(ListenOptions listenOptions)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context, CancellationToken cancellationToken)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(ListenOptions[] listenOptions, AddressBindContext context, Func`2 useHttps, CancellationToken cancellationToken)
at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.BindAsync(CancellationToken cancellationToken)
at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
at Microsoft.AspNetCore.Hosting.GenericWebHostService.StartAsync(CancellationToken cancellationToken)
at Microsoft.Extensions.Hosting.Internal.Host.<StartAsync>b__15_1(IHostedService service, CancellationToken token)
at Microsoft.Extensions.Hosting.Internal.Host.ForeachService[T](IEnumerable`1 services, CancellationToken token, Boolean concurrent, Boolean abortOnFirstException, List`1 exceptions, Func`3 operation)
at Microsoft.Extensions.Hosting.Internal.Host.<StartAsync>g__LogAndRethrow|15_3(<>c__DisplayClass15_0&)
at Microsoft.Extensions.Hosting.Internal.Host.StartAsync(CancellationToken cancellationToken)
at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
at Program.<Main>$(String[] args) in C:\home\site\wwwroot\TestProject\Program.cs:line 28
at Program.<Main>(String[] args)
The relevant error appears to be:
Unhandled exception.[17:10:10 ERR] Hosting failed to start
System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
Running the suggested dev-certs commands also fails:
C:\home\site\wwwroot\TestProject>dotnet dev-certs https
There was an error saving the HTTPS developer certificate to the current user personal certificate store.
C:\home\site\wwwroot\TestProject>dotnet dev-certs https --check
No valid certificate found.
C:\home\site\wwwroot\TestProject>dotnet dev-certs https --trust
Trusting the HTTPS development certificate was requested. A confirmation prompt will be displayed if the certificate was not previously trusted. Click yes on the prompt to trust the certificate.
There was an error saving the HTTPS developer certificate to the current user personal certificate store.
I am completely stuck at this point. I'd love to hear any suggestions you all might have. THANKS!
First thought is, have you checked that there is or was a valid certificate in the certificate store? Which command produced the 'error saving' response?
Can you do a basic read of what is in the current personal store? That would establish that you have permissions on the store.
Thanks for the reply, Steve.
It's an Azure App Service. There is no way (that I have found) to enumerate the certificate stores. There is no desktop and there is no GUI.
https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-app-service-certificate?tabs=portal
Have you tried this way?
I could do that, but the difficulty is that this is intended as a temporary sand box environment. There is no need for a custom domain. The default App Service certificate should be sufficient.
I wonder if IIS is causing my difficulty? Because THAT default page works just fine.
What sort of access to IIS do you have?
None, as far as I know. The whole point of an App Service is to not manage that stuff! :)
As you're running a web site, there has to be some management you can access. The symptoms you report suggest the certificate has not been bound to the site, and certificates are only valid for a set time.
There is. I can do all sorts of things through KUDU and other Azure features. However, I have been unable to find any CLI tool that will allow me to fiddle around with the dev-certs. All of the solutions I have found require you to use the GUI certmgr.msc, which only exists on machines with a desktop available to the end user.
I don't understand. I am certain that plenty of people host an Umbraco install on Azure Web Apps, but none have had this problem?
OK, so the certmgr is only for the create and install side, and doesn't have to be on the same server. In my previous role I often created the request and installed on another server, then exported in the right format and dropped the certificate to another server. I'm assuming you have a certificate in place, so you'd just need to bind it.
Taking a guess again, but have you looked at this? https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate?tabs=apex
Yes. I have read that. I do not need an additional SSL certificate, I am fine with the <appname>.azurewebsites.net DNS already in place. I need the dotnet dev-certs command to work, but it always says it "cannot write to the certificate store."
All the "solutions" I find are to run dotnet dev-certs --https --trust, which also fails...with the same problem. I can't even export the dev-certs!
I need a way to manage the cert stores on the Web App via command-line. Even that seems to be overkill though because getting Umbraco to install via command line is supposed to be the EASY part....and that seems to be the case for everyone else.
Is there a way to specify an existing certificate for Umbraco to use?
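An added example, not part of the thread and not Umbraco's or Microsoft's code: a simplified Python model of the certificate lookup behind the "Unable to configure HTTPS endpoint" error in the first post. It lists the HTTPS endpoints that have no explicit certificate and therefore depend on the developer certificate. The launch profile, file contents and function names are constructed for illustration; `Kestrel:Certificates:Default` and `Kestrel:Endpoints` are ASP.NET Core's standard configuration keys.

```python
import json
from urllib.parse import urlsplit

# Constructed sample files (not taken from the thread's project).
LAUNCH_SETTINGS = json.loads("""
{"profiles": {"Sample.Web": {"commandName": "Project",
  "applicationUrl": "https://localhost:44331;http://localhost:5080"}}}
""")
APPSETTINGS_NO_CERT = {}
APPSETTINGS_DEFAULT_CERT = {"Kestrel": {"Certificates": {"Default": {
    "Path": "placeholder.pfx", "Password": "<from-secret-store>"}}}}
APPSETTINGS_HTTP_ONLY = {"Kestrel": {"Endpoints": {
    "Http": {"Url": "http://localhost:5080"}}}}


def has_cert(section):
    """True if a certificate section names a file or a store subject."""
    return bool(section) and any(k in section for k in ("Path", "Subject"))


def endpoints(launch, app):
    """Yield (url, endpoint_cert) for the endpoints Kestrel would bind.
    Simplified model (assumption): Kestrel:Endpoints, when present, replaces
    the applicationUrl of the first 'Project' launch profile."""
    configured = app.get("Kestrel", {}).get("Endpoints", {})
    if configured:
        for ep in configured.values():
            yield ep.get("Url", ""), ep.get("Certificate")
        return
    for profile in launch.get("profiles", {}).values():
        if profile.get("commandName") == "Project":
            for url in profile.get("applicationUrl", "").split(";"):
                if url.strip():
                    yield url.strip(), None
            return


def needs_dev_cert(launch, app):
    """HTTPS URLs with no explicit certificate: these fall back to the
    developer certificate and fail at startup when none can be found."""
    default = app.get("Kestrel", {}).get("Certificates", {}).get("Default")
    if has_cert(default):
        return []
    return [url for url, cert in endpoints(launch, app)
            if urlsplit(url).scheme == "https" and not has_cert(cert)]


if __name__ == "__main__":
    for app in (APPSETTINGS_NO_CERT, APPSETTINGS_DEFAULT_CERT, APPSETTINGS_HTTP_ONLY):
        print(needs_dev_cert(LAUNCH_SETTINGS, app))
```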