Issue with Web App certificate & ssl binding

There is an issue when attempting to create and bind a certificate to a web app when the web app is in a different resource group to the App Service Plan.

The following code works when both are in the same resource group; however, it fails when they are in different resource groups.

var webApp = await azure.WebApps.GetByIdAsync(webAppId);
webApp.Update()
    .DefineSslBinding()
        .ForHostname(domainName)
        .WithPfxCertificateToUpload(certFileName, cert.Password)
        .WithSniBasedSsl()
        .Attach()
    .DefineSslBinding()
        .ForHostname("www." + domainName)
        .WithPfxCertificateToUpload(certFileName, cert.Password)
        .WithSniBasedSsl()
        .Attach()
    .Apply();

The error message is “: Microsoft.Rest.Azure.CloudException: Certificate XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX was not found.”

When using the resource explorer, I can see the certificate has been uploaded to the Web App resource group instead of the App Service Plan resource group:

https://resources.azure.com/subscriptions/sub-id/resourceGroups/webapp-resourcegroup/providers/Microsoft.Web/certificates

So when the actual binding of the domain name to the ssl cert occurs, the certificate isn’t there so the above error is given.

Issue Analytics

  • State: open
  • Created 5 years ago
  • Comments: 7

Top GitHub Comments

2 reactions
ghost commented, Jan 14, 2019

A fully working workaround is this:

var webApp = ...;
foreach (var hostName in webApp.HostNameSslStates)
{
    // Look up the plan so the certificate can be created in the plan's resource group.
    var appServicePlan = await _azure.Instance.AppServices.AppServicePlans.GetByIdAsync(webApp.AppServicePlanId);
    await webApp.Manager.AppServiceCertificates
        .Define(string.Format("{0}##{1}#", thumbprint, appServicePlan.Region.Name))
            .WithRegion(webApp.Region)
            .WithExistingResourceGroup(appServicePlan.ResourceGroupName)
            .WithPfxFile(GetCertPath(domainName))
            .WithPfxPassword(_certificatePassword)
        .CreateAsync();

    // Point the host name at the uploaded certificate and mark it for update.
    hostName.Value.Thumbprint = thumbprint;
    hostName.Value.ToUpdate = true;
}
await webApp.Update().ApplyAsync();
await webApp.RefreshAsync(); // I'm not sure whether this is needed

0 reactions
Linkens commented, Apr 18, 2021

@sagoo33 Yep! This checks out!

In hindsight, not that weird to use the App Service plan resource name to upload the cert. But it would be nice to have this in the documentation of the library. If the app resource group is different from the App Service plan’s, it will definitely lead to this ‘Not Found’ behavior if you are not careful where you upload. Therefore the Azure credentials used must have access to both resource groups.
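
The resource-group mismatch discussed in this thread can be detected before any upload is attempted. The following is an added example, not code from the issue or from the Azure SDK: `CertPlacement`, `ResourceGroupOf` and `Plan` are hypothetical helper names, the resource IDs in `Main` are constructed sample values, and the rule that the certificate belongs in the plan's resource group is taken from the comments above.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical helper (not part of the Azure SDK): works only on ARM resource ID
// strings, so it can run as a pre-flight check before any SDK call is made.
public static class CertPlacement
{
    // Extracts <rg> from /subscriptions/<sub>/resourceGroups/<rg>/providers/...
    public static string ResourceGroupOf(string resourceId)
    {
        if (string.IsNullOrWhiteSpace(resourceId))
            throw new ArgumentException("Resource ID is empty.", nameof(resourceId));

        var parts = resourceId.Split(new[] { '/' }, StringSplitOptions.RemoveEmptyEntries);
        for (int i = 0; i + 1 < parts.Length; i++)
        {
            // Match the segment name without regard to case.
            if (parts[i].Equals("resourceGroups", StringComparison.OrdinalIgnoreCase))
                return parts[i + 1];
        }
        throw new FormatException("No resourceGroups segment in: " + resourceId);
    }

    // Returns the resource group to upload the certificate to (the plan's, per
    // this thread) and every resource group the deploying credential must reach.
    public static (string UploadTo, IReadOnlyCollection<string> NeedsAccess) Plan(
        string webAppId, string appServicePlanId)
    {
        string appRg = ResourceGroupOf(webAppId);
        string planRg = ResourceGroupOf(appServicePlanId);

        // Resource group names are compared case-insensitively.
        IReadOnlyCollection<string> needs =
            new HashSet<string>(StringComparer.OrdinalIgnoreCase) { appRg, planRg };
        return (planRg, needs);
    }

    public static void Main()
    {
        // Constructed sample IDs; substitute webApp.Id and webApp.AppServicePlanId.
        const string sub = "/subscriptions/00000000-0000-0000-0000-000000000000";
        string appId = sub + "/resourceGroups/webapp-rg/providers/Microsoft.Web/sites/example-app";
        string planId = sub + "/resourceGroups/plan-rg/providers/Microsoft.Web/serverfarms/example-plan";

        var result = Plan(appId, planId);
        Console.WriteLine("Upload certificate to: " + result.UploadTo);
        Console.WriteLine("Credential needs access to: " + string.Join(", ", result.NeedsAccess));
    }
}
```

When `NeedsAccess` contains two entries, the service principal's role assignments have to cover both resource groups, which is the condition the last comment describes.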
