question

James-0673 avatar image
5 Votes"
James-0673 asked SnehaAgrawal-MSFT commented

Unable to Bind Azure managed App Certificate

Unable to bind an newly created App Managed certificate on Azure this morning.
Created the new certificate fine (it did take a little longer than usual)
Unable to bind it to a custom domain with error message
'Invalid time value' and Cannot read properties of undefined (reading 'toString')

any suggestions?

azure-webapps
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SnehaAgrawal-MSFT avatar image
2 Votes"
SnehaAgrawal-MSFT answered JamesArmstrong-1286 commented

@James-0673 Thanks for reaching here! Our product engineering team have identified a bug and are actively working on fixing it. I understand this issue can be frustrating and is inconvenient, please accept our sincere apologies. I’m constantly monitoring this and discussing with the concerned team internally.

As of now could you please try at https://aka.ms/canary to bypass this error.

I’ll follow-up on this with more updates as soon as I hear from them.
Requesting your co-operation on this.

· 8
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I got the same error as James-0673. The canary link fixes the issue and I can bind the SSL to the custom domain. Thanks!

1 Vote 1 ·

Experiencing the same issue from at-least 07:00 BST this morning. We are using Terraform to deploy so there doesn't seem to be an option for using https://aka.ms/canary.

0 Votes 0 ·

I have a ticket open for this issue also, ran into it last night. Same problem, we are using terraform and when it's trying to read the certificate from Azure it gets null values which causes terraform to panic.

Ticket #2109130040008895

0 Votes 0 ·

@ChrisChalmers-0292 Could you please share the location/region for web app/certificate ?


0 Votes 0 ·

Today I am unable to generate a certificate
'Create App Service Managed Certificates' has been running for over an hour.
aka.ms/canary does not do anything

0 Votes 0 ·

Trying for Region UK South, email sent

Many thanks

0 Votes 0 ·

I am also having the same issue (East US Region). Upon attempting to bind the cert to the app service with my PowerShell script, the certificate value being empty blocks the script from completing.

0 Votes 0 ·

@JamesArmstrong-1286 Could you please try as below:

Call the following API directly or use canary portal aka.ms/canary.
Example of the API request: in https://resources.azure.com/raw, call:

PUT https://management.azure.com/subscriptions/{ {subscription}}/resourceGroups/{ {resourceGroup}}/providers/Microsoft.Web/sites/{ {appName}}/hostNameBindings/{ {abc.example.com}}?api-version=2019-08-01
{
"id": "/subscriptions/{ {subscription}}/resourceGroups/{ {resourceGroup}}/providers/Microsoft.Web/sites/{ {appName}}",
"kind": "app",
"location": "Central US",
"name": "{ {appName}}",
"type": "Microsoft.Web/sites ",
"properties": {
"hostname": "{ {abc.example.com}}",
"sslState": "{ {SniEnabled or IpBasedEnabled}}",
"ipBasedSslResult": null,
"virtualIP": null,
"toUpdate": true,
"toUpdateIpBasedSsl": null,
"iPBasedSslState": "Configured",
"hostType": "Standard"
},
"tags": null
}

Let us know.




0 Votes 0 ·
SnehaAgrawal-MSFT avatar image
0 Votes"
SnehaAgrawal-MSFT answered SnehaAgrawal-MSFT commented

Update: The original hotfix deployment is complete, please check to make sure you are able to use.

· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Using CLI to get the resource, I am able to see the cert, but not the thumbprint:

az resource show -g $rgName -n $rName --resource-type "Microsoft.Web/certificates"


"id": "REDACTED",
"identity": null,
"kind": null,
"location": "East US",
"managedBy": null,
"name": "REDACTED",
"plan": null,
"properties": {
"canonicalName": "REDACTED",
"cerBlob": null,
"friendlyName": "",
"hostNames": [
"REDACTED"
],
"hostingEnvironment": null,
"hostingEnvironmentProfile": null,
"issuer": "",
"keyVaultId": "",
"keyVaultSecretName": "",
"password": null,
"pfxBlob": null,
"publicKeyHash": null,
"resourceGroup": "REDACTED",
"selfLink": null,
"serverFarmId": null,
"siteName": null,
"subjectName": "REDACTED",
"tags": null,
"thumbprint": "",
"toDelete": null,
"valid": null,
"webSpace": "REDACTED"
},
"resourceGroup": "REDACTED",
"sku": null,
"tags": null,
"type": "Microsoft.Web/certificates"
}


0 Votes 0 ·

Sure, This is an intended change, making the certificates truly managed like they should have originally been.
As its mentioned here

" There is an upcoming plan to remove thumbprint information from both portal and API to provide our customers a more managed experience for certificates without having to worry about all the details. Also, App Service Managed Certificate is not meant to be used as a client certificate."

Check this: https://azure.github.io/AppService/2021/05/25/App-Service-Managed-Certificate-GA.html

0 Votes 0 ·

What automation process would MS recommend to wire the managed certificate to the app service if the Thumbprint is now purposefully hidden?

Using "az webapp config ssl bind" is no longer an option is the required Thumbprint parameter is unavailable?

0 Votes 0 ·
Show more comments