Help Needed: Issues with Cert Import from Azure Key Vault

Asked By TechieGal42 On

I'm in a bit of a bind and need some assistance with an issue I'm facing. I have two applications: one is a Node frontend using Angular, and the other is an API built with .NET Core 8. Both of these are deployed from the same container, toggling between user and admin modes.

I've been using GitHub Actions to handle deployment effectively with a matrix setup, generating internal Let's Encrypt certificates and uploading them into Azure Key Vault. After that, I attempt to import the certs into the resource group using the `az webapp config ssl import` command and bind them to the custom domains through `az webapp config ssl bind`.

This process was smooth for a while, but I recently expanded to accommodate four different sites and changed the matrix setup from two jobs to four. Each of these jobs generates certs for the user and admin in both the East and West regions.

While the certs are uploaded to Azure Key Vault without issue and I can confirm the thumbprint validation, I'm now facing a problem during the binding stage—it cannot find the thumbprint after importing. I've checked that no permissions have changed, and I can see the cert present in the resource group, but even after allowing for propagation over a weekend, it still doesn't work. I've manually run the import through the Azure portal successfully, so I'm eager to find out why this automated approach is failing.

3 Answers

Answered By CloudNinja On

Are you working with Azure Front Door at all? I once uploaded a cert to Key Vault, but it wouldn't update on Front Door. It just maintained the old cert. You might want to keep an eye on the timing too—sometimes it takes a day or so for changes to reflect.

Answered By DevDude99 On

Have you tried running just the binding part after a while? Sometimes, it helps to give Azure some time to settle. Also, you might want to check what `az webapp config ssl show` outputs right after the import. Any clues in the Activity logs?
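
The import-then-bind step from the question, combined with the suggestion above to check what the resource group reports right after the import, as an added example that is not part of the original thread. The function names and the `ATTEMPTS`/`DELAY` variables are hypothetical, an SNI binding is assumed, and all resource names are supplied by the caller.

```bash
# Added example. Function names and the ATTEMPTS/DELAY variables are
# hypothetical; resource names are supplied by the caller.

# Strip separators and whitespace, upper-case the hex digits.
normalize_thumbprint() {
  printf '%s' "$1" | tr -d ' :\r\n' | tr '[:lower:]' '[:upper:]'
}

# Poll the resource group's certificate list until the thumbprint appears.
# Args: resource-group thumbprint [attempts] [delay-seconds]
wait_for_thumbprint() {
  local rg want attempts delay i found
  rg=$1; want=$(normalize_thumbprint "$2"); attempts=${3:-10}; delay=${4:-15}
  [ -n "$want" ] || return 1
  i=1
  while [ "$i" -le "$attempts" ]; do
    found=$(az webapp config ssl list --resource-group "$rg" \
      --query "[].thumbprint" --output tsv | tr '[:lower:]' '[:upper:]')
    if printf '%s\n' "$found" | grep -qxF "$want"; then
      return 0
    fi
    echo "attempt $i/$attempts: $want not listed in $rg yet" >&2
    sleep "$delay"
    i=$((i + 1))
  done
  return 1
}

# Args: resource-group webapp key-vault kv-cert-name hostname
# Prints the bound thumbprint on success.
import_and_bind() {
  local rg app vault cert host thumb
  rg=$1; app=$2; vault=$3; cert=$4; host=$5
  # Take the thumbprint from the import result itself.
  thumb=$(az webapp config ssl import --resource-group "$rg" --name "$app" \
    --key-vault "$vault" --key-vault-certificate-name "$cert" \
    --query thumbprint --output tsv) || return 1
  thumb=$(normalize_thumbprint "$thumb")
  wait_for_thumbprint "$rg" "$thumb" "${ATTEMPTS:-10}" "${DELAY:-15}" || return 1
  az webapp config ssl bind --resource-group "$rg" --name "$app" \
    --certificate-thumbprint "$thumb" --ssl-type SNI --hostname "$host" \
    >/dev/null || return 1
  printf '%s\n' "$thumb"
}
```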

Answered By JohnTheCoder On

I had a similar experience where Azure Key Vault would take ages to show a cert in a succeeded state. Eventually, I just decided to upload the cert directly to the app and then bind it there. It saved me a lot of hassle! You might want to consider that as a backup plan.
