Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Dave 10 posts 80 karma points
    Aug 08, 2024 @ 17:23
    Dave
    0

    Cannot complete CLI install in Azure because of certificate problems

    Hi all,

    First, I am a systems guy. I am not a developer. So, I may be WAY off base here. Please bear with me!

    I have set up an Azure App Service running Windows with .NET8. (version 8.0.205) I then get into the .NET/Umbraco portion. The following commands work as expected:

    dotnet new install Umbraco.Templates
    dotnet new umbraco --name TestProject 
    cd TestProject
    

    However, the run command fails:

    C:\home\site\wwwroot\TestProject>dotnet run
    Building...
    [17:10:06 INF] Acquiring MainDom.
    [17:10:06 INF] Acquired MainDom.
    [17:10:10 INF] Starting recurring background jobs hosted services
    [17:10:10 INF] Starting background hosted service for HealthCheckNotifierJob
    [17:10:10 INF] Starting background hosted service for KeepAliveJob
    [17:10:10 INF] Starting background hosted service for LogScrubberJob
    [17:10:10 INF] Starting background hosted service for ContentVersionCleanupJob
    [17:10:10 INF] Starting background hosted service for ScheduledPublishingJob
    [17:10:10 INF] Starting background hosted service for TempFileCleanupJob
    [17:10:10 INF] Starting background hosted service for InstructionProcessJob
    [17:10:10 INF] Starting background hosted service for TouchServerJob
    [17:10:10 INF] Starting background hosted service for WebhookFiring
    [17:10:10 INF] Starting background hosted service for WebhookLoggingCleanup
    [17:10:10 INF] Starting background hosted service for ReportSiteJob
    [17:10:10 INF] Completed starting recurring background jobs hosted services
    Unhandled exception.[17:10:10 ERR] Hosting failed to start
    System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
    To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
    For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.
       at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, Action`1 configureOptions)
       at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions)
       at Microsoft.AspNetCore.Server.Kestrel.Core.HttpsConfigurationService.UseHttpsWithDefaultsWorker(ListenOptions listenOptions)
       at Microsoft.AspNetCore.Server.Kestrel.Core.HttpsConfigurationService.UseHttpsWithDefaults(ListenOptions listenOptions)
       at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context, CancellationToken cancellationToken)
       at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(ListenOptions[] listenOptions, AddressBindContext context, Func`2 useHttps, CancellationToken cancellationToken)
       at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.BindAsync(CancellationToken cancellationToken)
       at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
       at Microsoft.AspNetCore.Hosting.GenericWebHostService.StartAsync(CancellationToken cancellationToken)
       at Microsoft.Extensions.Hosting.Internal.Host.<StartAsync>b__15_1(IHostedService service, CancellationToken token)
       at Microsoft.Extensions.Hosting.Internal.Host.ForeachService[T](IEnumerable`1 services, CancellationToken token, Boolean concurrent, Boolean abortOnFirstException, List`1 exceptions, Func`3 operation)
    [17:10:10 ERR] BackgroundService failed
    System.OperationCanceledException: The operation was canceled.
       at System.Threading.CancellationToken.ThrowOperationCanceledException()
       at System.Threading.SemaphoreSlim.WaitUntilCountOrTimeoutAsync(TaskNode asyncWaiter, Int32 millisecondsTimeout, CancellationToken cancellationToken)
       at Umbraco.Cms.Infrastructure.HostedServices.BackgroundTaskQueue.DequeueAsync(CancellationToken cancellationToken)
       at Umbraco.Cms.Infrastructure.HostedServices.QueuedHostedService.BackgroundProcessing(CancellationToken stoppingToken)
       at Umbraco.Cms.Infrastructure.HostedServices.QueuedHostedService.ExecuteAsync(CancellationToken stoppingToken)
       at Microsoft.Extensions.Hosting.Internal.Host.TryExecuteBackgroundServiceAsync(BackgroundService backgroundService)
    [17:10:10 FTL] The HostOptions.BackgroundServiceExceptionBehavior is configured to StopHost. A BackgroundService has thrown an unhandled exception, and the IHost instance is stopping. To avoid this behavior, configure this to Ignore; however the BackgroundService will not be restarted.
    System.OperationCanceledException: The operation was canceled.
       at System.Threading.CancellationToken.ThrowOperationCanceledException()
       at System.Threading.SemaphoreSlim.WaitUntilCountOrTimeoutAsync(TaskNode asyncWaiter, Int32 millisecondsTimeout, CancellationToken cancellationToken)
       at Umbraco.Cms.Infrastructure.HostedServices.BackgroundTaskQueue.DequeueAsync(CancellationToken cancellationToken)
       at Umbraco.Cms.Infrastructure.HostedServices.QueuedHostedService.BackgroundProcessing(CancellationToken stoppingToken)
       at Umbraco.Cms.Infrastructure.HostedServices.QueuedHostedService.ExecuteAsync(CancellationToken stoppingToken)
       at Microsoft.Extensions.Hosting.Internal.Host.TryExecuteBackgroundServiceAsync(BackgroundService backgroundService)
    [17:10:10 INF] Application is shutting down...
    [17:10:10 INF] Stopping (environment)
     System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
    To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
    For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.
       at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, Action`1 configureOptions)
       at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions)
       at Microsoft.AspNetCore.Server.Kestrel.Core.HttpsConfigurationService.UseHttpsWithDefaultsWorker(ListenOptions listenOptions)
       at Microsoft.AspNetCore.Server.Kestrel.Core.HttpsConfigurationService.UseHttpsWithDefaults(ListenOptions listenOptions)
       at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context, CancellationToken cancellationToken)
       at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(ListenOptions[] listenOptions, AddressBindContext context, Func`2 useHttps, CancellationToken cancellationToken)
       at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.BindAsync(CancellationToken cancellationToken)
       at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
       at Microsoft.AspNetCore.Hosting.GenericWebHostService.StartAsync(CancellationToken cancellationToken)
       at Microsoft.Extensions.Hosting.Internal.Host.<StartAsync>b__15_1(IHostedService service, CancellationToken token)
       at Microsoft.Extensions.Hosting.Internal.Host.ForeachService[T](IEnumerable`1 services, CancellationToken token, Boolean concurrent, Boolean abortOnFirstException, List`1 exceptions, Func`3 operation)
       at Microsoft.Extensions.Hosting.Internal.Host.<StartAsync>g__LogAndRethrow|15_3(<>c__DisplayClass15_0&)
       at Microsoft.Extensions.Hosting.Internal.Host.StartAsync(CancellationToken cancellationToken)
       at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
       at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
       at Program.<Main>$(String[] args) in C:\home\site\wwwroot\TestProject\Program.cs:line 28
       at Program.<Main>(String[] args)
    

    The relevant error appears to be:

     Unhandled exception.[17:10:10 ERR] Hosting failed to start
        System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
        To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
    

    Running the suggested dev-certs commands also fail:

    C:\home\site\wwwroot\TestProject>dotnet dev-certs https
    There was an error saving the HTTPS developer certificate to the current user personal certificate store.
    
    C:\home\site\wwwroot\TestProject>dotnet dev-certs https --check
    No valid certificate found.
    
    C:\home\site\wwwroot\TestProject>dotnet dev-certs https --trust
    Trusting the HTTPS development certificate was requested. A confirmation prompt will be displayed if the certificate was not previously trusted. Click yes on the prompt to trust the certificate.
    There was an error saving the HTTPS developer certificate to the current user personal certificate store.
    

    I am completely stuck at this point. I'd love to hear any suggestions you all might have. THANKS!

  • Steve Brereton 32 posts 173 karma points
    Aug 12, 2024 @ 10:15
    Steve Brereton
    0

    First thought is, have you checked that there is or was a valid certificate in the certificate store? Which command produced the 'error saving' response?

    Can you do a basic read of what is in the current personal store? That would establish that you have permissions on the store.

  • Dave 10 posts 80 karma points
    Aug 12, 2024 @ 12:57
    Dave
    0

    Thanks for the reply, Steve.

    It's an Azure App Service. There is no way (that I have found) to enumerate the certificate stores. There is no desktop and there is no GUI

  • Steve Brereton 32 posts 173 karma points
    Aug 12, 2024 @ 13:11
  • Dave 10 posts 80 karma points
    Aug 12, 2024 @ 13:19
    Dave
    0

    I could do that, but the difficulty is that this is intended as a temporary sand box environment. There is no need for a custom domain. The default App Service certificate should be sufficient.

    I wonder if IIS is causing my difficulty? Because THAT default page works just fine.

  • Steve Brereton 32 posts 173 karma points
    Aug 12, 2024 @ 14:37
    Steve Brereton
    0

    What sort of access to IIS do you have?

  • Dave 10 posts 80 karma points
    Aug 12, 2024 @ 19:50
    Dave
    0

    None, as far as I know. The whole point of an App Service is to not manage that stuff! :)

  • Steve Brereton 32 posts 173 karma points
    Aug 13, 2024 @ 08:01
    Steve Brereton
    0

    As you're running a web site, there has to be some management you can access. The symptoms you report suggest the certificate has not been bound to the site, and certificates are only valid for a set time.

  • Dave 10 posts 80 karma points
    Aug 20, 2024 @ 12:22
    Dave
    0

    There is. I can do all sorts of things through KUDU and other Azure features. However, I have been unable to find any CLI tool that will allow me to fiddle around with the dev-certs. All of the solutions I have found require you to use the GUI certmgr.msc, which only exists on machines with a desktop available to the end user.

    I don't understand. I am certain that plenty of people host an Umbraco install on Azure Web Apps, but none have had this problem?

  • Steve Brereton 32 posts 173 karma points
    Aug 21, 2024 @ 13:30
    Steve Brereton
    0

    OK, so the certmgr is only for the create and install side, and doesn't have to be on the same server. In my previous role I often created the request and installed on another server, then exported in the right format and dropped the certificate to another server. I'm assuming you have a certificate in place, so you'd just need to bind it.

    Taking a guess again, but have you looked at this? https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate?tabs=apex

  • Dave 10 posts 80 karma points
    Aug 26, 2024 @ 20:46
    Dave
    0

    Yes. I have read that. I do not need an additional SSL certificate, I am fine with the <appname>.azurewebsites.net DNS already in place. I need the dotnet dev-certs command to work, but it always says it "cannot write to the certificate store."

    All the "solutions" I find are to run dotnet dev-certs --https --trust, which also fails...with the same problem. I can't even export the dev-certs!

    I need a way to manage the cert stores on the Web App via command-line. Even that seems to be overkill though because getting Umbraco to install via command line is supposed to be the EASY part....and that seems to be the case for everyone else.

    Is there a way to specify an existing certificate for Umbraco to use?

Please Sign in or register to post replies

Write your reply to:

Draft