I am trying to automate the process of obtaining an SSL certificate on my azure portal. For that I wrote an Azure function which downloads a new certificate and then uploads/binds it to my web app. The code looks like this:
app.Update()
.DefineSslBinding()
.ForHostname("*.my.domain")
.WithPfxCertificateToUpload(Path.Combine(executionContext.FunctionDirectory, "cert.pfx"), "pwd")
.WithSniBasedSsl()
.Attach()
.Apply();
which is supposed to upload a new certificate and create a new binding. It works as expected on a web app without existing certificates/bindings but if I run the function again I have some problems:
After some researching I figured out that if I list my certificates in the azure cli with az webapp config ssl list
the list on the portal is updated, ie all the certificates were there. But that doesn't help much.
My general question would be: is there any other way of rebinding a certificate?
Or, as an obvious workaround would be to remove an existing binding and the certificate beforeahead: how can I do the SSL certificate removal in an azure function using the .NET SDK?
Found the way.One should do this in 2 steps: first, upload a certificate with
var certificate = await azure.AppServices.AppServiceCertificates
.Define($"some-name")
.WithRegion(app.Region)
.WithExistingResourceGroup(app.ResourceGroupName)
.WithPfxByteArray(pfxBytes)
.WithPfxPassword("test")
.CreateAsync();
and then using WithExistingCertificate
:
await app.Update()
.DefineSslBinding()
.ForHostname("*.my.domain")
.WithExistingCertificate(certificate.Thumbprint)
.WithSniBasedSsl()
.Attach()
.ApplyAsync();
There is a pending pull request in order to do that in a single call https://github.com/Azure/azure-libraries-for-net/pull/208
UPD: The PR was merged so instead of 2 calls you can simply use a single one:
var certBytes = certificateService.RetreiveCertificate();
webapp
.Update()
.DefineSslBinding()
.ForHostname("my.hostname")
.WithPfxByteArrayToUpload(certBytes, "password")
.WithSniBasedSsl()
.Attach()
.Apply();
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.