Hello,
after updating to the most recent version I’ve noticed that my deploys don’t work properly anymore.
Namely updating the SSL thumbprint produces an error.
Das SSL-Zertifikat konnte nicht hinzugefügt werden. Fehler: 87
14:03:40Info Falscher Parameter.
14:03:40Info Attempt 1 of 5 failed: ScriptHalted
14:03:40Info Waiting for 3 seconds before retrying...
14:03:43Info Retrying...
14:03:43Info The required certificate binding is already in place
This results in the IIS config to be corrupted aswell. Opening any config dialog for the website gives a “Parameter is incorrect” error.
However, re-deploying a release that had been working previously will still succeed like expected. This only affects recently created releases.
Hi,
Thanks for getting in touch.
Would you be able to send verbose task logs for the deployment that is breaking the SSL bindings?
Do you have the SSL thumbprint bound to a variable?
What version of Octopus did you just update from?
Thanks,
Shane
Certainly, here you go.
Octopus Server version: 3.2.8+Branch.master.Sha.ec2c87850589f7276bfcba17a2ed24b9326e745b
11:38:14Info
The package has been installed to: C:\Octopus\Applications\Production\TrackPilotN.Web\5.4.122.7_4
11:38:22Verbose
If you would like the package to be installed to an alternative location, please specify the variable 'Octopus.Action.Package.CustomInstallationDirectory'
11:38:22Verbose
Creating 'C:\Octopus\Applications\Production\TrackPilotN.Web\5.4.122.7_4\Octopus.Features.IISWebSite_BeforePostDeploy.ps1' from embedded resource
11:38:22Verbose
Executing 'C:\Octopus\Applications\Production\TrackPilotN.Web\5.4.122.7_4\Octopus.Features.IISWebSite_BeforePostDeploy.ps1'
11:38:23Verbose
Name Value
11:38:23Verbose
---- -----
11:38:23Verbose
PSVersion 4.0
11:38:23Verbose
WSManStackVersion 3.0
11:38:23Verbose
SerializationVersion 1.1.0.1
11:38:23Verbose
CLRVersion 4.0.30319.42000
11:38:23Verbose
BuildVersion 6.3.9600.17400
11:38:23Verbose
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0}
11:38:23Verbose
PSRemotingProtocolVersion 2.2
11:38:24Info
Found binding: @{protocol=http; ipAddress=; port=80; host=; thumbprint=; requireSni=False; enabled=True}
11:38:24Info
Found binding: @{protocol=https; ipAddress=*; port=443; host=; thumbprint=c5bc414037bf00bd85d944db0c7e7f35e32e134b; requireSni=True; enabled=true}
11:38:24Info
Finding SSL certificate with thumbprint c5bc414037bf00bd85d944db0c7e7f35e32e134b
11:38:24Info
Found certificate: CN=***, O=***, L=Berlin, S=Berlin, C=DE, SERIALNUMBER=HRB 103896, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.1=Berlin (Charlottenburg), OID.1.3.6.1.4.1.311.60.2.1.3=DE in: Root
11:38:25Info
Das SSL-Zertifikat konnte nicht hinzugefügt werden. Fehler: 87
11:38:25Info
Falscher Parameter.
11:38:25Info
Attempt 1 of 5 failed: ScriptHalted
11:38:25Info
Waiting for 2 seconds before retrying...
11:38:26Info
Retrying...
11:38:27Info
The required certificate binding is already in place
11:38:27Info
Application pool ".NET v4.5" already exists
11:38:27Info
Set application pool identity: ApplicationPoolIdentity
11:38:28Info
Set .NET framework version: v4.0
11:38:29Info
Site "TrackPilotN.Web" already exists
11:38:29Info
Application pool already assigned to website
11:38:29Info
Home directory: C:\Octopus\Applications\Production\TrackPilotN.Web\5.4.122.7_4
11:38:29Info
Comparing existing IIS bindings with configured bindings...
11:38:30Info
Found existing non-configured binding: https *:443:
11:38:30Info
Existing IIS bindings do not match configured bindings.
11:38:30Info
Clearing IIS bindings
11:38:30Info
Assigning binding: http *:80:
11:38:30Info
Assigning binding: https *:443:
11:38:30Info
Anonymous authentication enabled: True
11:38:30Info
Die Konfigurationsänderungen am Abschnitt "system.webServer/security/authentication/anonymousAuthentication" für "MACHINE/WEBROOT/APPHOST/TrackPilotN.Web" im Commit-Pfad "MACHINE/WEBROOT/APPHOST" der Konfiguration wurden übernommen.
11:38:30Info
Basic authentication enabled: False
11:38:30Info
Die Konfigurationsänderungen am Abschnitt "system.webServer/security/authentication/basicAuthentication" für "MACHINE/WEBROOT/APPHOST/TrackPilotN.Web" im Commit-Pfad "MACHINE/WEBROOT/APPHOST" der Konfiguration wurden übernommen.
11:38:30Info
Windows authentication enabled: False
11:38:30Info
Die Konfigurationsänderungen am Abschnitt "system.webServer/security/authentication/windowsAuthentication" für "MACHINE/WEBROOT/APPHOST/TrackPilotN.Web" im Commit-Pfad "MACHINE/WEBROOT/APPHOST" der Konfiguration wurden übernommen.
11:38:31Info
IIS configuration complete
11:38:31Verbose
Deleting 'C:\Octopus\Applications\Production\TrackPilotN.Web\5.4.122.7_4\Octopus.Features.IISWebSite_BeforePostDeploy.ps1'
11:38:31Verbose
Adding journal entry:
11:38:31Verbose
<Deployment Id="a384e175-f4c3-4a57-97bb-433518241844" EnvironmentId="Environments-3" ProjectId="Projects-1" PackageId="TrackPilotN.Web" PackageVersion="5.4.122.7" InstalledOn="2015-12-03 10:39:12" ExtractedFrom="C:\Octopus\Files\TrackPilotN.Web.5.4.122.7.nupkg-14debe35-155c-44eb-9586-bbf2a9ee5c90" ExtractedTo="C:\Octopus\Applications\Production\TrackPilotN.Web\5.4.122.7_4" RetentionPolicySet="Environments-3/Projects-1/Step-Veröffentlichen/Machines-1/<default>" CustomInstallationDirectory="C:\Octopus\Applications\Production\TrackPilotN.Web\5.4.122.7_4" WasSuccessful="True" />
Yes, the thumbprint is bound to a variable.
I’m not entirely sure what the last version was where we had a working deploy. We didn’t deploy to production for quite a bit. I think the last working one was from version 3.2.3 or earlier.
Hi,
If the thumbprint is bound to a variable and your old releases work and the new ones don’t, I suspect something around the variable is not working.
You may want to compare the variable snapshot for an old release against the variable snapshot of one of the releases that doesn’t work and see if there is any difference in the thumbprint variable.
You could also try printing variables when you deploy a release by adding the variable OctopusPrintEvaluatedVariables and setting it to true. This should show the value of the thumbprint and you will be able to check for any errors (such as encoding).
Cheers,
Shane