-
Notifications
You must be signed in to change notification settings - Fork 728
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Webapp slot won't deploy as clone if SSL cert has multiple Subject Alternate Names #4564
Comments
Update: The deployment works with the new cert only on the initial deployment. On subsequent deployments, even if there have been no changes to the app service or the slot, we get the cert not found error again. |
This my not be slot related at all. Further troubleshooting has revealed that the problem happens when the app service is being updated in the deployment, even if we've removed all references to adding a slot. I have a ticket open with Azure. Let me know if you want me to close this ticket in the meantime. |
It would be great if you can let us know how that support ticket gets resolved. It's ok to leave it open while we wait. |
@Ben424242 -- do you mind sharing the support ticket number? We will follow up with the web team. |
As I suspected, it was only an issue with the cert resource, and had nothing to do with adding a slot. We got the same error on re-deployments even after removing all of the slot resources. The solution was to use an earlier API for the certificate resource (Microsoft.Web/certificates@2018-11-01 instead of Microsoft.Web/certificates@2021-01-15). That worked and we no longer get the error on a re-deploy. Our support case # was 2109270010002207 |
Hi Ben424242, this issue has been marked as stale because it was labeled as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment. Thanks for contributing to bicep! 😄 🦾 |
Bicep version
Bicep CLI version 0.4.613
Describe the bug
We are deploying a Web App with a staging slot cloned from the site. The web app has a custom host name binding using a cert from our enterprise PKI. The cert has a subject alternate name in addition to the common name.
The app deploys fine, but fails trying to deploy the slot resource. The error is "Cannot find Certificate with name application.company.org."
We were able to work around the error by re-issuing the cert with no SAN. Once it has only one name in the cert the deployment succeeded.
I think what's happening is that instead of looking for the cert in the clone by thumbprint or by its common name, it's looking for the subject name. In the san cert the subject name comes accross like this: "application.company.org,application"
To Reproduce
Here is the code we are using.
The text was updated successfully, but these errors were encountered: