I have an ARM template deployment that is trying to create a managed app service certificate for TLS. It repeatedly fails with an internal server error. I have viewed hidden resources and there is no existing certificate.
I have based my template on those found at https://dotnetdevlife.wordpress.com/2019/11/12/arm-app-service-managed-certificate/ after finding it linked from this github issue: https://github.com/MicrosoftDocs/azure-docs/issues/42539.
I have looked at the API documentation for Microsoft.web/certificates and it seems like password is required, but I have tried supplying one and it still failed. No password is required when manually creating such a certificate through the Azure portal. I have also tried using various api versions.
The certificate snippet from my template is below:
"variables": {
"subDomainName": "[concat(parameters('websiteName'), '.', parameters('domainName'))]",
"certificateName": "[concat(parameters('websiteName'), '.', parameters('domainName'), '-', parameters('websiteName'))]"
},
...
{
"apiVersion": "2019-08-01",
"name": "[variables('certificateName')]",
"type": "Microsoft.Web/certificates",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Web/sites/hostNameBindings', parameters('websiteName'), variables('subDomainName'))]"
],
"properties": {
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('hostingPlanName'))]",
"canonicalName": "[variables('subDomainName')]"
}
}
The deployment specifically fails on the certificate resource deployment. An example error I have received is:
{
"status": "Failed",
"error": {
"code": "ResourceDeploymentFailure",
"message": "Encountered internal server error. Diagnostic information: timestamp '20210122T182918Z', subscription id 'e476692c-951e-4341-8dea-efe0ed315289', tracking id '649ea872-9744-412f-8835-03847c2779b3', request correlation id '8f53bfef-64d3-43cf-8f3d-c443144601ae'."
}
}