Richard is the Principal Consultant and Founder of Arcible. A specialist in cloud solutions using Microsoft Azure, Microsoft 365, Microsoft Teams, Enterprise Mobility, and more. Richard holds numerous Microsoft certifications for both cloud and on-premises technologies.

Away from Arcible, Richard loves being involved in Scouting and getting outdoors with nature. You can find Richard online on Twitter and LinkedIn.

Azure App Service Lets Encrypt Renewal Failures and Resolution

Paying for certificates isn’t the done thing when you can get free certificates from Lets Encrypt. Free certificates from Lets Encrypt come at a different price and that is lifetime as the certificates are only ever valid for 90 days. If you’re still manually buying and installing certificates annually then you don’t want that four times a year so we automate the process end-to-end. This has been working perfectly since about 2018 for us, however, a recent alert about a certificate expiring made us sit up and look at this case of Azure App Service Lets Encrypt renewal failures and the resolution.

How is it automated?

The automation happens using an Extension installed within Azure App Service where we host our website. The extension, Azure Let’s Encrypt can be found at https://github.com/sjkp/letsencrypt-siteextension.

After a bit of tinkering to get it correctly installed, at the interval you set, a WebJob that runs against the App Service website will automatically retrieve a new certificate from Let’s Encrypt and apply it to your site. You have the option to define an alerting email address during the set-up process when things go wrong which in today’s case, proved important.

What was the problem?

What alerted us to a problem was the email notification to one of our monitoring mailboxes to report that the certificate was going to soon expire. We’ve never had this alert before because, for 3 years, this has worked without issue and never once failed to renew the certificate in time.

Looking at the logs for the WebJob in the App Service, we saw an error Unable to complete challenge with Lets Encrypt servers.

We took a look at the Issues log on the GitHub repository for the project behind the extension and it transpires that we were running version 1.0.4 of the extension and that other users reported that version 1.0.6, released just days ago, had no such issues.

Resolving the problem

Resolving the problem was a trivial task. First, we head into the Azure Portal at https://portal.azure.com and we navigate to our App Service instance where the extension is installed.

The Azure Let’s Encrypt extension showing version 1.0.4 installed and that an update is available

From the Extensions page, we can see that we have version 1.0.4 installed and that it is reporting that there is an update available. Drilling in to the extension itself, we can simply hit the Update button to update to the latest version of the Extension. Doing so took a matter of seconds and reported back 1.0.6 as the version okay.

From here, you can go to the WebJobs page to view the status of the Let’s Encrypt WebJob. This correctly shows as a Continuous job and the current status is Running which are both correct.

Verifying the type and status of the WebJob for the Let’s Encrypt Extension

If you dig into the Extension, you have the option to view the log files. Here, we can see the previous failures that have occurred. In our test site, this now correctly showed as successfully completing and in the TLS/SSL Settings page for the App Service, we can see that new certificate has been issued and applied to the site.

We’ve now applied the same change to our production site and when the next instance of the WebJob runs, it will successfully issue and apply the new certificate as it has done for our test site already.

Do you want to get away from paying for certificates or automate any of your processes?

As this article hopefully illustrates, you can have nice things for free. The power of automation has saved us many hours over the 3 years that we’ve been using it and the solution turned out to be a simple one.

Simple isn’t always the name of the game though and your savings through automation could be many times more than ours.

Contact us at Arcible to find out how we could help you save time and money through automating routine business processes to streamline your business and give you and your staff more time to focus on what’s important.

If you interested in learning more about our services such as modernising existing services or maybe you want to explore moving to Microsoft Azure for your website or other applications, take a look at what we can offer.

One to One Call Recording in Microsoft Teams

Recording meetings of online meetings is a common occurrence to allow people to refer back to them later or to allow people unable to join catch up. A less common requirement is the ability to do one to one call recording in Microsoft Teams. Until now, the ability to perform the recording of one-on-one calls was governed by the same Meeting Policy as the ability to record multi-participant calls, however, this is changing and breaking out to a new, separate setting.

Read more…

Running a Static Website for Less than a Latte

Yes, you read that right. If all you need is a way to show a couple of static web pages you could run a static website for less than the cost of a coffee for the entire year. Although the focus here is a small, simple, and static website, you can apply the same logic to larger sites or even if you need a way to serve up static content over HTTP, not just a website.

What do we mean by a static website?

In web terms, there are primarily two types of website: those which are static based on traditional Hypertext Markup Language (HTML) files and those which are dynamic, calculating different content server-side or retrieving information from a database.

Here, we’re talking about the former. Using the Static Website feature in Azure Storage, we can serve up HTML, JavsScript, and Cascading Stylesheets (CSS).

A website being static doesn’t mean that it can’t look good: by using JavaScript and CSS stylesheets, you can still have a great looking site it just doesn’t need the extra moving pasts like a database backend or a fancy interface to edit and add new pages.

Read more…

Arcible and the SolarWinds Solorigate SUNBURST Threat

At Arcible, we take monitoring our services seriously and we take security seriously too. We use multiple products for the monitoring of our services; we consider security at all times and factor it into multiple layers of our operations. We’re releasing this article both as reassurance for our customers and for your information about Arcible and the Solorigate SUNBURST threat.

Arcible does not use the SolarWinds Orion product or any SolarWinds products to conduct our business either internally or externally with customers. Based on our current understanding and knowledge of the issues, Arcible does not believe that it is impacted by the SolarWinds threat, however, we continue to remain vigilant and review our security tools.

Read more…

Use OneDrive and SharePoint for Microsoft Teams Meeting Recordings

Microsoft Stream is an odd service. It’s fantastic in its own right but limitations built within it and it’s positioning as a Microsoft 365 outsider has always been problematic. For Microsoft Teams, Microsoft Stream as the location for meeting records brought its own set of challenges. With change approaching, let’s explore how this is moving to use OneDirve and SharePoint for Microsoft Teams meeting recordings.

Microsoft Stream sure has a time and place. We think, for example, that it’s a fantastic platform for sharing videos internally such as corporate messaging, training, and more. But that is also it’s Achilles Heel. It is limited to internal use only and you cannot share recordings [directly] from Microsoft Stream with external users.

When you participate in a meeting with people from multiple organisations and the meeting is recorded, that goes to Microsoft Stream for the organisation of the meeting organiser. If you’re outside that organisation, the only way you can access that is if someone downloads the recording video file and shares it with you by manually copying the file to their OneDrive or SharePoint or worse, emails you the file.

Read more…

Block Incoming Calls with Microsoft Teams

Last week, a customer contacted us about an issue they were receiving persistent, unsolicited calls in Microsoft Teams from a phone number. The customer needed a way to block incoming calls from that number and we figured that this was one worth sharing for all to see.

Block incoming calls features in Microsoft Teams

One of the more hidden features in Microsoft Teams is the ability to block incoming calls from a number or a range of numbers at the organisation level. This isn’t something that’s visible or available in the Microsoft Teams Admin Center and requires the use of PowerShell.

Read more…

Measuring Client Performance with Endpoint Analytics

Whether it be a laptop that takes so long to boot you can make a coffee and drink it or whether it’s a logon process that is so slow it’s time for the user to take their next break already, we’ve all seen and heard of performance issues before. As IT or as someone making financial decisions about hardware purchases for end-users, knowing that what you have or what you buy is good is important and for that you need data and we can use Endpoint Analytics in Microsoft Intune exactly for this purpose.

Read more…

Audio Conferencing with Microsoft Teams

As the usage of Microsoft Teams continues to grow across organisations around the world, our reliance on PCs and digital devices grow. Under normal circumstances, that’s all well and good but what if you’re internet goes down? Microsoft Teams isn’t all about the app and that’s why dial-in Audio Conferencing with Microsoft Teams is an important and often overlooked facet of the service.

Whether your Internet is down, you live in an area with poor mobile data coverage which means you can’t use a mobile device with the Teams app, or whether you need a screen break but still want to participate, Audio Conferencing could be your ticket.

Read more…

Microsoft Flight Simulator on a Work Device

If you are a developer planning on using the Microsoft Flight Simulator APIs or whether you run some kind of aviation playground, running Microsoft Flight Simulator is going to be a must which may mean being able to run Microsoft Flight Simulator on a work device.

I’m a big aviation fan and while I don’t fly myself (the PPL is a dream for one day), simulations are the closest I’ll come for now. For anyone interested, the picture on this post is of me flying the Cessna 172 over Farnborough Airport, not too far from us in Basingstoke.

When I tried to install Microsoft Flight Simulator on a PC that was domain-joined as my Arcible work device, I couldn’t even get it installed. To download and install Microsoft Flight Simulator through the Xbox Store requires the new Xbox app for Windows 10. For this app to work, you need to be able to sign-in with your Xbox Live account and that was failing.

Read more…

Replace Your File Server with Azure Files

We’ve previously talked about migrating files to SharePoint Online and OneDrive for Business. Even if you’ve done this, you will no doubt have a reason for a file server still. If cloud is your goal, why not replace your file server with Azure Files?

You get all the same capabilities as you do with an on-premises file server but the benefits of a Platform-as-a-Service solution that doesn’t require servers.

Read more…