Let’s Encrypt auto renew on Azure Web App

We recently decided to give the Let’s Encrypt extension a go on one of our websites.  The setup process was fairly painless and there’s an excellent blog here.  So we waited our 3 months and eagerly anticipated its auto renewal.  After checking it should renew 14 days before expiry however with 2 days to go it was showing no signs of it happening.

Upon checking the status on the web job that is supposed to handle renewals in the Azure Portal it reported a status of “Pending Restart”.  I headed over to the web jobs log url: https://<yourURL>/azurejobs/#/jobs to see if it gave me any more insight.  Interestingly when we clicked on the job itself and then “Toggle output” we got some much more useful logs! Our error in particular was in relation to the storage account:

[10/05/2018 07:22:57 > 316c5f: INFO]    at Microsoft.Azure.WebJobs.Host.Blobs.Bindings.BlobAttributeBindingProvider.<TryCreateAsync>d__5.MoveNext()
[10/05/2018 07:22:57 > 316c5f: ERR ] Unhandled Exception: Microsoft.Azure.WebJobs.Host.Indexers.FunctionIndexingException: Error indexing method ‘Functions.AddCertificate’ —> System.InvalidOperationException: Microsoft Azure WebJobs SDK ‘Storage’ connection string is missing or empty. The Microsoft Azure Storage account connection string can be set in the following ways:
[10/05/2018 07:22:57 > 316c5f: INFO] — End of stack trace from previous location where exception was thrown —
ngs section of the .config file in the following format <add name=”AzureWebJobsStorage” connectionString=”DefaultEndpointsProtocol=http|https;AccountName=NAME;AccountKey=KEY” />, or
[10/05/2018 07:22:57 > 316c5f: ERR ] 2. Set the environment variable named ‘AzureWebJobsStorage’, or
[10/05/2018 07:22:57 > 316c5f: INFO]    at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
[10/05/2018 07:22:57 > 316c5f: ERR ] 3. Set corresponding property of JobHostConfiguration.

Ok then!  When we checked we definitely didn’t have a variable or connection string called “AzureWebJobsStorage” – handily though we did have one for “AzureWebJobsDashboard“.  According to the setup instructions we should have both: https://github.com/sjkp/letsencrypt-siteextension/wiki/How-to-install#azure-web-jobs.  After copying the contents of the dashboard setting value and creating the storage connection string things were looking much more promising.  And eventually the renewal went though without a hitch.

Hope it helps!

About the author