We are converting a project to use tenants. I have configured an IIS step to bind to an Octopus-managed certificate variable, which is set as a variable template for each tenant (for some customers, we host the app on their domain name which obviously needs their own certificate). This technique works well for other variable types but doesn’t seem to work for certificate variables. The deployment fails with the following error:
System.ArgumentNullException: Value cannot be null.
Parameter name: findValue
at System.Security.Cryptography.X509Certificates.X509Certificate2Collection.FindCertInStore(SafeCertStoreHandle safeSourceStoreHandle, X509FindType findType, Object findValue, Boolean validOnly)
at System.Security.Cryptography.X509Certificates.X509Certificate2Collection.Find(X509FindType findType, Object findValue, Boolean validOnly)
at Calamari.Deployment.Features.IisWebSiteBeforeDeployFeature.FindCertificateInLocalMachineStore(String thumbprint)
at Calamari.Deployment.Features.IisWebSiteBeforeDeployFeature.EnsureCertificateInStore(VariableDictionary variables, String certificateVariable)
at Calamari.Deployment.Features.IisWebSiteBeforeDeployFeature.EnsureCertificatesUsedInBindingsAreInStore(VariableDictionary variables)
at Calamari.Deployment.Features.IisWebSiteBeforeDeployFeature.Execute(RunningDeployment deployment)
at Calamari.Deployment.Conventions.FeatureConventionBase.ExecuteFeatureClasses(RunningDeployment deployment, String feature)
at Calamari.Deployment.Conventions.FeatureConventionBase.Run(RunningDeployment deployment)
at Calamari.Deployment.ConventionProcessor.RunInstallConventions()
at Calamari.Deployment.ConventionProcessor.RunConventions()
Running rollback conventions…
Value cannot be null.
Parameter name: findValue
System.ArgumentNullException
at System.Security.Cryptography.X509Certificates.X509Certificate2Collection.FindCertInStore(SafeCertStoreHandle safeSourceStoreHandle, X509FindType findType, Object findValue, Boolean validOnly)
at System.Security.Cryptography.X509Certificates.X509Certificate2Collection.Find(X509FindType findType, Object findValue, Boolean validOnly)
at Calamari.Deployment.Features.IisWebSiteBeforeDeployFeature.FindCertificateInLocalMachineStore(String thumbprint)
at Calamari.Deployment.Features.IisWebSiteBeforeDeployFeature.EnsureCertificateInStore(VariableDictionary variables, String certificateVariable)
at Calamari.Deployment.Features.IisWebSiteBeforeDeployFeature.EnsureCertificatesUsedInBindingsAreInStore(VariableDictionary variables)
at Calamari.Deployment.Features.IisWebSiteBeforeDeployFeature.Execute(RunningDeployment deployment)
at Calamari.Deployment.Conventions.FeatureConventionBase.ExecuteFeatureClasses(RunningDeployment deployment, String feature)
at Calamari.Deployment.Conventions.FeatureConventionBase.Run(RunningDeployment deployment)
at Calamari.Deployment.ConventionProcessor.RunInstallConventions()
at Calamari.Deployment.ConventionProcessor.RunConventions()
at Calamari.Commands.DeployPackageCommand.Execute(String[] commandLineArguments)
at Calamari.Program.Execute(String[] args)
The remote script failed with exit code 100
While trying to troubleshoot I updated to latest Octopus Server (3.16.7), and I also tried installing the certificate in question into the machine certificate store, even though the docs suggest that shouldn’t be necessary. Unfortunately neither of these helped…
Please see attached screenshots of all the relevant configuration, and also the deployment log. Is there anything I’m doing wrong?
ServerTasks-25831.log.txt (297 KB)
