Octopus can't find certificate

Hi,

We’ve recently had to update our SSL certificates and now during deployment, we get the following error:

Root<removed versioning>\web.config
September 5th 2019 20:42:58
Info
Adding certificate ‘CN=..com,OU=Domain Control Validated’ into Cert:\LocalMachine\My
September 5th 2019 20:42:58
Info
Certificate 'CN=
., OU=Domain Control Validated’ already exists in store ‘My’.
September 5th 2019 20:42:58
Info
Certificate ‘CN=Go Daddy Secure Certificate Authority - G2, OU=Repository, O=“GoDaddy.com, Inc.”, L=Scottsdale, S=Arizona, C=US’ already exists in store ‘CA’.
September 5th 2019 20:42:58
Info
Certificate ‘CN=Go Daddy Root Certificate Authority - G2, O=“GoDaddy.com, Inc.”, L=Scottsdale, S=Arizona, C=US’ already exists in store ‘Root’.
September 5th 2019 20:42:58
Info
Adding certificate ‘CN=.,OU=Domain Control Validated’ into Cert:\LocalMachine\My
September 5th 2019 20:42:58
Info
Certificate 'CN=
., OU=Domain Control Validated’ already exists in store ‘My’.
September 5th 2019 20:42:58
Info
Certificate ‘CN=Go Daddy Secure Certificate Authority - G2, OU=Repository, O=“GoDaddy.com, Inc.”, L=Scottsdale, S=Arizona, C=US’ already exists in store ‘CA’.
September 5th 2019 20:42:58
Info
Certificate ‘CN=Go Daddy Root Certificate Authority - G2, O=“GoDaddy.com, Inc.”, L=Scottsdale, S=Arizona, C=US’ already exists in store ‘Root’.
September 5th 2019 20:43:00
Info
Making sure a Website “” is configured in IIS…
September 5th 2019 20:43:00
Info
Finding SSL certificate with thumbprint 8B1823029FE325378CC2345C552F2705AC22A0D6
September 5th 2019 20:43:00
Error
Could not find certificate under Cert:\LocalMachine with thumbprint
September 5th 2019 20:43:00
Error
8B1823029FE325378CC2345C552F2705AC22A0D6. Make sure that the certificate is
installed to the Local Machine context and that the private key is available.
At C:\Octopus\Applications\Production\IIS-Root<removed versioning>\Octopus.Features.IISWebSite_BeforePostDeploy.ps1:480 char:4
September 5th 2019 20:43:00
Error

  •         throw "Could not find certificate under Cert:\LocalMachine with  thumbprint $s ... 
    
September 5th 2019 20:43:00
Error
    + CategoryInfo          : OperationStopped: (Could not find ...y is available.:String) [], RuntimeException 
    + FullyQualifiedErrorId : Could not find certificate under Cert:\LocalMachine with thumbprint 8B1823029FE325378CC2345C552F2705AC22A0D6. Make sure that the certificate is installed to the Local Machine context and that the private key is available. 
September 5th 2019 20:43:00
Error
Script 'C:\Octopus\Applications\Production\IIS-Root\<removed versioning>\Octopus.Features.IISWebSite_BeforePostDeploy.ps1' returned non-zero exit code: 1 
September 5th 2019 20:43:00
Error
Running rollback conventions... 
September 5th 2019 20:43:00
Error
Script 'C:\Octopus\Applications\Production\IIS-Root\<removed versioning>\Octopus.Features.IISWebSite_BeforePostDeploy.ps1' returned non-zero exit code: 1 
September 5th 2019 20:43:00
Error
The remote script failed with exit code 1 
September 5th 2019 20:43:22
Error
The task was canceled 

I’ve taken a look at previous posts and I don’t believe this is a white space issue. We are using a variable to hold our certificate and giving the responsibility for Octopus to manage and deploy it.

We are deploying to AWS AMIs and I believe I have installed the certificate there properly as well. I believe the private key is there too, since there is a little key on the icon, but I might be wrong.

Any help will be appreciated!

Thanks,
Jaime

Hi @jsoosee

Thanks for reaching out. We’ve seen errors like this in scenarios where Octopus doesn’t have enough permissions to see the certificate.

My understanding from your description is that you are installing the certificate manual in your server, is that correct? If that’s the case, my recommendation would be to manually remove the certificate from the VM and then allow Octopus to install it using its certificates features

Let me know how that goes
Dalmiro

Hi Dalmiro,

Thanks for your response. I believe that we have the certificate on our AWS AMI instances as well as on Octopus.

I’ll try removing it from our AMI instances and just let Octopus handle it, hopefully that will resolve it. Will try it shortly and let you know how it goes.

Thanks!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.