I can bind keyvault certificate to webapp in US_MIDDLE but not US_EAST.
David Fahlander
0
Reputation points
I am moving from US_MIDDLE to US_EAST but having issue to bind certificates to the new webapp in US_EAST. I had a 3-hours service window yesterday where I moved the database but were unable to enable the new app so I had to revert DNS settings to the old app. Certificates lie in keyvault but is only possible to bind to apps in the US_MIDDLE region but not to the new apps in the US_EAST region.
The following command works:
az webapp config ssl bind --certificate-thumbprint "$CERT_THUMBPRINT" --name "<app in US_MIDDLE>" --resource-group "$DEPLOY_AZ_RESOURCE_GROUP" --ssl-type SNI
The following command fails:
az webapp config ssl bind --certificate-thumbprint "$CERT_THUMBPRINT" --name "<app in US_EAST>" --resource-group "$DEPLOY_AZ_RESOURCE_GROUP" --ssl-type SNI
Error: Certificate for thumbprint '2AF44D8A46512F6C570D2F6EAF8C00DC113079F0' not found.
- The app-service-plans are linux B2 in both cases
- Only obvious difference is the region of the apps and plans
- Certificate lies in a keyvault in the same resource group as both apps
- There is no firewall rules set on the keyvault.
- Keyvault is actually in US_EAST (so it's wierd that it cannot be used from the app in US_EAST but only apps in US_MIDDLE)
- I have explicitely permitted the new app to full control of the keyvault (for troubleshooting only - the old apps doesn't even have any explicit permission but may bind the cert anyway)