Share via

How can I delete expired certificate that will not be deleted?

Alex 0 Reputation points
2024-05-03T17:17:00.6466667+00:00

I'm encountering an issue while trying to update an SSL certificate on my web app. Here's the problem in detail:

I have an expired certificate that I cannot seem to delete. Despite receiving a "successful" message upon attempting deletion, the expired certificate persists even after refreshing the page, and restarting the app. Additionally, I'm unable to add a new certificate to that binding as the old certificate is still there..

I've already tried locating the certificate in the "Resource Explorer" without success. When running the following command in the az cli, I can only find the one working certificate, not the one I am trying to delete:

az group list --query "[].name" -o tsv | while read rg; do echo "Resource Group: $rg"; az resource list --resource-group "$rg" --resource-type Microsoft.Web/certificates --output table; done

Here's a breakdown of what I've done so far:

  • I have two subscriptions: "CloudSub" and "VisualStudioSub".
  • The resource two resoruce groups are "MeterGroup" and CustomerGroup".
  • The "CustomerGroup" is in the "CloudSub"
  • Initially, I encountered an error stating that the certificate was being used in a binding. I resolved this by deleting the binding and then adding it back. However, after this process, the binding no longer had a certificate.
  • When attempting to delete the certificate again, I received an error stating that the resource group "MeterGroup" did not exist. This specific resource was located in another subscription, namely "VisualStudioSub".
  • The web app was in the resource group "CustomerGroup"
  • To address this, I created a new resource group with the same name "MeterGroup" in the "CloudSub" subscription. Upon attempting deletion again, it appeared to be successful, but the expired certificate remained.
  • I've tried refreshing the page and restarting the web app it was connected to, but the certificate persists.
  • As a last resort, I moved all the resources from the resource group "MeterGroup" in the "VisualStudioSub" subscription to the newly created resource group "MeterGroup" in the "CloudSub".
  • I then moved the web app from the "CustomerGroup" to the "MeterGroup".
  • Subsequently, I deleted the resource group "MeterGroup" in the "VisualStudioSub" subscription. However, even after this process, the expired certificate remains.

I'm at a loss on how to proceed further. Any guidance or suggestions on resolving this issue would be greatly appreciated.

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
6,985 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. brtrach-MSFT 15,351 Reputation points Microsoft Employee
    2024-05-07T05:13:26.75+00:00

    @Alex Check if the certificate is still being used in any other bindings. If it is, remove it from those bindings first before attempting to delete it again.

    1. Try deleting the certificate using the Azure portal instead of the CLI. Go to your web app's SSL settings and try deleting the certificate from there.
    2. If the certificate still persists after trying the above steps, try deleting it using PowerShell. Here's an example command: 
         Remove-AzWebAppCertificate -ResourceGroupName "CustomerGroup" -WebAppName "YourWebAppName" -Name "YourCertificateName"
      Replace "CustomerGroup" with the name of your resource group and "YourWebAppName" and "YourCertificateName" with the appropriate values.

    If the above steps do not resolve the issue, please reply to this message and we have a method that should resolve this issue.

    0 comments