One potential solution could be to create the custom domain hostname binding first, without SSL, and then add the SSL binding using a subsequent deployment step. This would allow you to add the hostname to the webapp before creating the certificate, thereby avoiding the chicken/egg problem.
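The approach described in this answer, written out in Bicep as an added example (not code from the thread or from Microsoft). The file names `main.bicep` and `sni-enable.bicep`, the symbolic and module names, and the `bindingName` parameter are assumptions of this example; the web app is assumed to exist already, with DNS for the custom domain pointing at it.

```bicep
// ---- main.bicep (file names are assumptions of this example) ----
param webAppName string
param customDomainName string
param serverFarmId string
param location string = resourceGroup().location
resource webApp 'Microsoft.Web/sites@2022-03-01' existing = {
  name: webAppName
}

// Step 1: add the hostname to the web app with SSL disabled (no thumbprint needed).
resource hostNameBinding 'Microsoft.Web/sites/hostNameBindings@2022-03-01' = {
  parent: webApp
  name: customDomainName
  properties: {
    siteName: webAppName
    sslState: 'Disabled'
  }
}

// Step 2: request the managed certificate only after the hostname exists.
resource certificate 'Microsoft.Web/certificates@2022-03-01' = {
  name: customDomainName
  location: location
  dependsOn: [ hostNameBinding ]
  properties: {
    canonicalName: customDomainName
    serverFarmId: serverFarmId
  }
}

// Step 3: a module is a separate nested deployment, so it can update the same binding.
module enableSni 'sni-enable.bicep' = {
  name: 'enable-sni'
  params: {
    bindingName: '${webAppName}/${customDomainName}'
    thumbprint: certificate.properties.thumbprint
  }
}

// ---- sni-enable.bicep ----
param bindingName string
param thumbprint string
resource sniBinding 'Microsoft.Web/sites/hostNameBindings@2022-03-01' = {
  name: bindingName
  properties: {
    sslState: 'SniEnabled'
    thumbprint: thumbprint
  }
}
```

The SNI update sits in a module because a single Bicep file cannot declare the same hostname binding twice; the module's reference to the certificate thumbprint also orders it after step 2.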
How to deploy App Service with managed SSL certificate using Bicep
There is a bug in deploying an Azure Web App with a custom domain and Managed SNI SSL. You can't deploy this with Bicep without the hostname already there; however, adding a hostname with SNI SSL requires the Cert Thumbprint, creating a chicken/egg problem.
The code below generates the following error:
Hostname for which you are requesting certificate is not added to this webapp. Recommended Action Please add the hostname to the webapp and then try creating certificate.
param webApp string
param env string
param customDomainName string
param location string = resourceGroup().location // Location for all resources
param serverFarmId string
param webAppName string = '${webApp}-${env}-app'

// Create certificates for hostname
resource certificates 'Microsoft.Web/certificates@2022-03-01' = {
  name: customDomainName
  location: location
  properties: {
    canonicalName: customDomainName
    serverFarmId: serverFarmId
  }
}

resource customDomainSsl 'Microsoft.Web/sites/hostNameBindings@2022-03-01' = {
  name: '${webAppName}/${customDomainName}'
  properties: {
    siteName: webAppName
    hostNameType: 'Verified'
    sslState: 'SniEnabled'
    thumbprint: certificates.properties.thumbprint
    customHostNameDnsRecordType: 'A'
  }
}
1 additional answer
Ali Sufyan Butt 86 Reputation points MVP
2023-04-13T12:19:21.55+00:00
Another solution could be to use an existing SSL certificate, rather than creating a new one. This would require you to retrieve the certificate thumbprint and use it in the Bicep code to create the Microsoft.Web/sites/hostNameBindings resource type. Not sure it will work, I hope it does.