Comments (7)
sjkp
commented on May 13, 2024
That is a fair request - I would probably go with keyvault in that case. Don't expect me to get around to it within the next couple of weeks though.
from letsencrypt-siteextension.
TWith2Sugars
commented on May 13, 2024
KeyVault is a reasonable alternative.
Also thinking, if we had multiple instances with multiple installations then all webjobs will attempt to renew the cert at the same time.
Might be worth adding a setting to prevent them from attempting to renew.
from letsencrypt-siteextension.
sjkp
commented on May 13, 2024
@TWith2Sugars thanks for the concern, that shouldn't be an issue however, as the timeredtrigged that is used, already takes care of only running one job at any time (i think it uses azure blob storage for locking) https://github.com/Azure/azure-webjobs-sdk-extensions#timertrigger
from letsencrypt-siteextension.
TWith2Sugars
commented on May 13, 2024
Even better :)
I have found 1 odd edge case with regards to traffic managed sites.
In my above example the EU server made a request for a cert but the US instance was challenged.
How would we get round this?
from letsencrypt-siteextension.
sjkp
commented on May 13, 2024
Hmm - I should probably ensure that the challenge files are places on all web frontends. But good point., i just tested on a single instance.
from letsencrypt-siteextension.
sjkp
commented on May 13, 2024
I have tagged this with wontfix for now.
Because when using traffic manager it gets complicated to ensure the acme-challenge files is placed on all web frontends. In that type of setup it would probably be better with a solution that would use the DNS challenge instead of the http challenge. Unfortunately I can't think of an easy way to build the DNS challenge into the extension (it is at a minimum going to involve some manual DNS configuration). Right now that scenario is probably only for the most advanced use cases, and in many of those I would be reluctant to use Lets Encrypts certificates in the first place, as solutions that require a global footprint probably are of such high importance that they should just spend the money on a real certificate and use a Microsoft supported way of enabling SSL.
from letsencrypt-siteextension.
JamesHealey94
commented on May 13, 2024
Old thread, but is this still the case? Similar situation here but DNS is unfortunately not an option.
from letsencrypt-siteextension.
Related Issues (20)
- Failing to Renew HOT 4
- Auto renewal job finding 0 certs
- Can not finalize order with status 'valid'
- Upgrade to latest Microsoft.Azure.Management.Websites library not possible
- Staging server throws "Can not find issuer" Error HOT 2
- Error: The Service Plan is using the Shared which doesn't support SSL certificates.
- "Object reference not set to an instance of an object" when trying to install certificate HOT 1
- Server error HOT 1
- Let's Encrypt change on September 30 (DST Root CA X3) HOT 7
- Cannot renew when using Testing-In-Production and running from a slot
- GCC High/Azure Gov Tenants receive AADSTS900382: Confidential Client is not supported in Cross Cloud request HOT 2
- Azure.WebJobs.Host.FunctionInvocationException - Functions.AddCertificate HOT 1
- Authentication from webapp to Geneva fails continuosusly, Appservice restart temporarily fixes the problem but issues reappears after a while.
- Certs are not renewing HOT 14
- Weird client ID HOT 1
- AADSTS900382: Confidential Client is not supported in Cross Cloud request. HOT 3
- Is there any impact for the vulnerability of OpenSSl as Let's Encrypt uses it
- "Browse" button no longer there under Extensions in Azure? HOT 6
- .NET Standard 2.0 support
- Cannot find issuer for certificate HOT 16
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from letsencrypt-siteextension.