It's a known problem – there's a cyclic dependency in the Azure API itself so this isn't possible in a single run without some kind of hacks.
Cert creation depends on the custom domain being deployed, and to update the SSL binding on the custom domain it needs to know the cert thumbprint.