Docs for certificates are bad #26

Open
InDieTasten opened this issue Mar 4, 2024 · 5 comments
Labels
documentation Improvements or additions to documentation enhancement New feature or request

Comments

@InDieTasten
Member

@osamabinsaleem wrote:

I'm working on setting up the SSL certificates explained here and I'm stuck. https://github.com/LM-Development/aks-sample/blob/main/Samples/PublicSamples/RecordingBot/docs/setup/certificate.md
The links in this page are expired and the instructions are not very clear.

@InDieTasten
Member Author

@osamabinsaleem That docs page is pretty bad. Essentially, you will need:

  • A machine with a public-facing IP, on which the bot can run and bind ports
  • A domain that points to that IP
  • A certificate for serving TLS connections on that domain

Example:
You can create an Azure VM to get a machine with a public IP and a cloudapps domain that can be configured on the public IP.
To get a certificate for whatever domain the host is reachable on, you can use certbot to get one issued.
It can be installed in the machine's cert store and loaded from the bot implementation via the thumbprint.

@1fabi0 1fabi0 added documentation Improvements or additions to documentation enhancement New feature or request labels Mar 5, 2024
@deshneni-akhil

@InDieTasten Currently, I am following the SSL step and I am stuck at the certificate generation step:

# start the ngrok tunnel to local port 80 in the background
ngrok http --host-header="$SUBDOMAIN.ngrok.io" --subdomain="$SUBDOMAIN" 80 > /dev/null &
# wait for ngrok
sleep 5s
# request the certificate using the HTTP challenge
certbot certonly --config config.ini --standalone --preferred-challenges http
# bundle key, certificate and chain into a password-protected PKCS#12 file
openssl pkcs12 -export \
    -out "$ROOT/$CERTNAME" \
    -inkey "$CERTBOTDIR/privkey1.pem" \
    -in "$CERTBOTDIR/cert1.pem" \
    -certfile "$CERTBOTDIR/chain1.pem" \
    -passout "pass:$CERTIFICATEPASSWORD"
echo "A new certificate has been created and found here: $ROOT/$CERTNAME"

The issue is at the certbot step, where I am receiving the error below:

Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: uts.ngrok.io
  Type: unauthorized
  Detail: 34.214.56.111: Invalid response from https://acme.ngrok.com/.well-known/acme-challenge/mil-2_Ju3iBUy9UCH-kBZfY0yqEkrIt1ThvMDpfcwiw?host=uts.ngrok.io: 404

I am using the paid version of ngrok and the issue presented above is similar to this ticket https://community.letsencrypt.org/t/ngrok-endpoint-keeps-failing-challenge/212580

certbot version - 2.10.0
python version - 3.9.11

Any insights to overcome this issue are appreciated. Thanks for your help.

@InDieTasten
Member Author

@deshneni-akhil Can you try to create a CNAME record of a custom domain towards your ngrok domain and try to get a certificate issued to the CN of your custom domain?

@deshneni-akhil

@InDieTasten Thanks for suggesting a workaround. I have set up a custom domain with a CNAME record to ngrok; however, I indeed received the same error, failing the HTTP101 challenge. Therefore, instead of doing HTTP validation, I did a DNS validation using certbot.

sudo certbot certonly --cert-name --manual --preferred-challenges dns -d "" --keep

By executing this step, I got a privkey and fullchain as output, and I have used openssl to generate a pfx file as instructed.

sudo openssl pkcs12 -export -out ./output.pfx -inkey /etc/letsencrypt/live//privkey.pem -in /etc/letsencrypt/live//fullchain.pem -passout pass: CERTIFICATEPASSWORD

After this step, I followed the document to configure the .env variables and started the project, where I observe the output below:

RecordingBot: Booting
warn: Microsoft.AspNetCore.Server.Kestrel[0]
      Overriding address(es) 'https://localhost:9441, http://localhost:9442'. Binding to endpoints defined via IConfiguration and/or UseKestrel() instead.
info: Microsoft.Hosting.Lifetime[14]
      Now listening on: http://[::]:9442
info: Microsoft.Hosting.Lifetime[14]
      Now listening on: https://[::]:9441
info: Microsoft.Hosting.Lifetime[0]
      Application started. Press Ctrl+C to shut down.
info: Microsoft.Hosting.Lifetime[0]
      Hosting environment: Development
info: Microsoft.Hosting.Lifetime[0]
      Content root path: C:\Projects\RecordingBot\src\RecordingBot.Console
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/2 GET https://localhost:9441/ - - -
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/2 GET https://localhost:9441/ - 404 0 - 146.5666ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[16]
      Request reached the end of the middleware pipeline without being handled by application code. Request path: GET https://localhost:9441/, Response status code: 404
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET https://localhost:9441/ - - -
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET https://localhost:9441/ - 404 0 - 28.1539ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[16]
      Request reached the end of the middleware pipeline without being handled by application code. Request path: GET https://localhost:9441/, Response status code: 404
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
      Request starting HTTP/1.1 GET https://localhost:9441/ - - -
info: Microsoft.AspNetCore.Hosting.Diagnostics[2]
      Request finished HTTP/1.1 GET https://localhost:9441/ - 404 0 - 10.7009ms
info: Microsoft.AspNetCore.Hosting.Diagnostics[16]
      Request reached the end of the middleware pipeline without being handled by application code. Request path: GET https://localhost:9441/, Response status code: 404

The bot was not able to join the call. The ngrok server is working in the background. FYI, the policy has been enabled and a Teams call has been placed to the policy-enabled user. Let me know if you need any information. Thanks.

@InDieTasten
Member Author

@deshneni-akhil Looks like your bot is not receiving requests from the platform (I'd expect POST requests to /api/calling)
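
A way to check the PFX produced by the `openssl pkcs12 -export` step and to read off the thumbprint used to load the certificate from the cert store, as an added example that is not part of the issue thread or the project's docs. The domain, password and file locations are constructed sample values, and a throwaway self-signed certificate stands in for certbot's output.

```shell
#!/usr/bin/env bash
# Added example: sanity-check a PFX built with `openssl pkcs12 -export`.
# Domain, password and file names below are constructed sample values.

# SHA-1 thumbprint of the first (leaf) certificate in a PEM file, formatted
# the way the Windows certificate store shows it: uppercase hex, no colons.
pem_thumbprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha1 | sed 's/^.*=//' | tr -d ':'
}

# Thumbprint of the leaf certificate inside a PFX ($1 = file, $2 = password).
pfx_thumbprint() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -fingerprint -sha1 | sed 's/^.*=//' | tr -d ':'
}

# Succeeds only if the PFX opens with the password and its private key
# belongs to its leaf certificate (the two public keys are identical).
pfx_key_matches_cert() {
    local from_key from_cert
    from_key=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
        openssl pkey -pubout 2>/dev/null) || return 1
    from_cert=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null |
        openssl x509 -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# Build a throwaway self-signed key/cert pair and a PFX in directory $1,
# standing in for certbot's privkey.pem / fullchain.pem ($2 = password).
make_sample_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=bot.example.test" \
        -keyout "$1/privkey.pem" -out "$1/fullchain.pem" 2>/dev/null
    openssl pkcs12 -export -out "$1/output.pfx" -inkey "$1/privkey.pem" \
        -in "$1/fullchain.pem" -passout "pass:$2"
}

workdir=$(mktemp -d)
make_sample_pfx "$workdir" "sample-password"
echo "PEM thumbprint: $(pem_thumbprint "$workdir/fullchain.pem")"
echo "PFX thumbprint: $(pfx_thumbprint "$workdir/output.pfx" "sample-password")"
pfx_key_matches_cert "$workdir/output.pfx" "sample-password" && echo "key matches certificate"
```

The two thumbprints should be identical, and the same value is what the certificate store displays once the PFX is imported.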
