Hi, Iam seeing issue where it is trying to get the Thumbprint variable instead of the value. How do I fix this. Thank you so much in advance for your help.
Finding SSL certificate with thumbprint #{SPS_SSL_Certification_Thumbprint}
February 8th 2023 10:37:08
Error
OperationStopped: Could not find certificate under Cert:\LocalMachine with thumbprint #{SPS_SSL_Certification_Thumbprint}. Make sure that the certificate is installed to the Local Machine context and that the private key is available.
My setting is below:
Hello Jeremy,
First of all, thanks again for your time, Iam a newbie to Octopus that’s why Iam struggling with these.
Question: Why “SSL Certificate got deleted”? where should I change not to have it delete.
After doing so, deployment process successfully deployed, but I am seeing weird logs :
I believe the bindings you have on the IIS server are clashing with the ones set in your IIS step in Octopus. Are you using the Replace existing bindings radial button in the Bindings section of your IIS step? If not, can you toggle that, create a new release, and try the deploy again and see if you get different results?
Thank you for the update! I’m stepping in on this one, as Jeremy has gone offline for the day, but I’m happy to help!
In reviewing things so far, it seems like you might have custom bindings set on your IIS instance, which are then being replaced by your configuration from Octopus Deploy, and this configuration may not be getting set right.
As a next step, I would recommend removing any manual bindings from your IIS instance and then let Octopus Deploy implement this configuration as the source of truth.
If things still aren’t looking quite right from there, I would log into the IIS instance and inspect the configuration that was pushed by Octopus in order to identify the issue with the binding that is being set, which should help narrow in on what needs to be corrected for this.
I hope this helps, but if you are still having trouble with this process feel free to upload a fresh, full raw task log from this deployment process for our review, and we should be able to dive into this a little deeper.
Here is a secure link for the task log (if needed), so you don’t have to post this to the public forum.
What I meant by that statement is that I would just leave your IIS instance in a baseline state (so no manual bindings), set your binding configuration in Octopus Deploy via the Bindings section in the IIS step template, and then let Octopus Deploy manage this configuration. In this case, there would be nothing to “Replace” on the server from a bindings perspective, and Octopus Deploy would just set the proper configuration:
Octopus is already replacing this existing configuration in your current process (via the Replace existing bindings option), so this would just make your process more straightforward (as there wouldn’t be any confusion on custom bindings being set on IIS already).
In either case, it does look like Octopus is overriding the existing configuration on the IIS server, so it seems like something is not linking up quite right there. If you inspect the binding deployed by Octopus on your IIS server, this should shed some light on what has been misconfigured.
You should also be able to track the steps that Octopus is taking in IIS via the task log, and again, feel free to upload this for our review as well if you are still having trouble.
I hoped that help clarify my initial message, but let me know if I can be of any more help.
Here what I did:
Import the cert and using it. I point both envs dev and test to use this cert.
The dev deployment works fine which is getting the right certs #, but the test env kept trying to use the variable name :
Instead of “Finding SSL certificate with thumbprint #C6815D1661E01CDF02D06FD5ED9D5E29ED7E22B2”, What Iam seeing is “Finding SSL certificate with thumbprint #{SPS_SSL_Certification_Thumbprint}”
February 8th 2023 15:39:06
Info
Finding SSL certificate with thumbprint #{SPS_SSL_Certification_Thumbprint}
February 8th 2023 15:39:06
Error
OperationStopped: Could not find certificate under Cert:\LocalMachine with thumbprint #{SPS_SSL_Certification_Thumbprint}. Make sure that the certificate is installed to the Local Machine context and that the private key is available.
You’re very welcome! Thanks for all of the screenshots.
Can you please click into that binding you’ve got setup, and change it from Certificate Managed Externally to Certificate Managed By Octopus and then use the drop-down to select your cert, then save your process and create a new release and try deploying?
When you click “Select Certificate Variable” toward the bottom, does your certificate SPS_SSL_Certification_Thumbprint show up? If so please click that and see if that allows you to save without error.
it works … but still seeing the same issue "OperationStopped: Could not find certificate under Cert:\LocalMachine with thumbprint #{SPS_SSL_Certification_Thumbprint}. Make sure that the certificate is installed to the Local Machine context and that the private key is available. "
I don’t recommend leaving the setting on, because it can slow down deployments and cause bloated logs, but it should hopefully help us troubleshoot the issue.