[英]Azure Create App Service Managed Certificates - runs for ours and then fails
I want to create a free certificate by "Create App Service Managed Certificates" for an App Service.我想通过“创建应用服务托管证书”为应用服务创建免费证书。 It works for all my websites except one.
它适用于我所有的网站,除了一个。 The differnce between the problem domain and the other domains is that we used a paid certificate for this domain in the past - also generated by Azure.
问题域和其他域之间的区别在于我们过去为该域使用了付费证书 - 也是由 Azure 生成的。
I also deleted and recreated App Service - no luck.我还删除并重新创建了 App Service - 不走运。
Activity log says:活动日志说:
10:11 Accepted - Add or Update Certificate 10:11 接受 - 添加或更新证书
10:11 Started - Add or Update Certificate 10:11 开始 - 添加或更新证书
12:27 Failed - Add or Update Certificate (it failed after two hours) 12:27 失败 - 添加或更新证书(两小时后失败)
ErrorCode: ResourceOperationFailure错误代码:ResourceOperationFailure
Message: The resource operation completed with terminal provisioning state 'Failed'.消息:资源操作已完成,终端配置 state“失败”。
EDIT:编辑:
I found the Deployment error message: "The subscription is not registered with Azure Key Vault."我发现部署错误消息:“订阅未在 Azure Key Vault 中注册。”
Apologies for the delay on this, Lopuch.抱歉,Lopuch,延迟了。
Kindly check the complete/exact error message that you received to isolate issue.请检查您收到的完整/准确的错误消息以隔离问题。
Typically, you could receive an error something like:通常,您可能会收到类似以下内容的错误:
'code': 'DeploymentFailed', 'message': 'At least one resource deployment operation failed. 'code': 'DeploymentFailed', 'message': '至少一个资源部署操作失败。 Please list deployment operations for details.
请列出部署操作以获取详细信息。 Please see https://aka.ms/DeployOperations for usage details.', 'details': [ { 'code': 'BadRequest', 'message': 'Pending managed certificate failed: Certificate creation was rejected by CA for canonical name “Your domain name”: The domain or certificate request triggered a risky domain check.
请参阅https://aka.ms/DeployOperations了解使用详情。', 'details': [ { 'code': 'BadRequest', 'message': '挂起的托管证书失败:CA 拒绝了规范名称的证书创建“您的域名”:域或证书请求触发了有风险的域检查。
The free App Service Managed Certificate (ASMC) comes with the following limitations , kindly review or validate for your domain:免费的应用服务托管证书 (ASMC) 具有以下限制,请检查或验证您的域:
• Does not support wildcard certificates. • 不支持通配符证书。
• Does not support usage as a client certificate by using certificate thumbprint. • 不支持使用证书指纹作为客户端证书。
• Does not support private DNS. • 不支持私有DNS。
• Only supports alphanumeric characters, dashes (-), and periods (.) . • 仅支持字母数字字符、破折号(-) 和句点(.) 。
Also note that the free certificate is issued by DigiCert
.另请注意,免费证书是由
DigiCert
颁发的。 For some top-level domains, you must explicitly allow DigiCert as a certificate issuer by creating a CAA domain record
with the value: 0 issue digicert.com
.对于某些顶级域,您必须通过创建值为 0 issue
digicert.com
的CAA domain record
来明确允许 DigiCert 作为证书颁发者。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.