I can bind keyvault certificate to webapp in US_MIDDLE but not US_EAST.

David Fahlander 0 Reputation points
2024-03-18T14:08:29.5066667+00:00

I am moving from US_MIDDLE to US_EAST but am having an issue binding certificates to the new webapp in US_EAST. I had a 3-hour service window yesterday where I moved the database but was unable to enable the new app, so I had to revert the DNS settings to the old app. The certificates lie in the keyvault, but it is only possible to bind them to apps in the US_MIDDLE region and not to the new apps in the US_EAST region.

The following command works:

az webapp config ssl bind --certificate-thumbprint "$CERT_THUMBPRINT" --name "<app in US_MIDDLE>" --resource-group "$DEPLOY_AZ_RESOURCE_GROUP" --ssl-type SNI

The following command fails:

az webapp config ssl bind --certificate-thumbprint "$CERT_THUMBPRINT" --name "<app in US_EAST>" --resource-group "$DEPLOY_AZ_RESOURCE_GROUP" --ssl-type SNI

Error: Certificate for thumbprint '2AF44D8A46512F6C570D2F6EAF8C00DC113079F0' not found.

  • The app-service-plans are linux B2 in both cases
  • Only obvious difference is the region of the apps and plans
  • Certificate lies in a keyvault in the same resource group as both apps
  • There are no firewall rules set on the keyvault.
  • Keyvault is actually in US_EAST (so it's weird that it cannot be used from the app in US_EAST but only apps in US_MIDDLE)
  • I have explicitly permitted the new app full control of the keyvault (for troubleshooting only - the old apps don't even have any explicit permission but may bind the cert anyway)