https://pulumi.com logo
#azure
Title
# azure
t

tall-umbrella-92870

01/29/2024, 2:24 PM
I have this code snippet in place:
Copy code
var certificateName = ResourceName("certificate");
        var managedCertificate = new Certificate(certificateName, new CertificateArgs
        {
            Location = location,
            ResourceGroupName = resourceGroup.Name,
            HostNames = new [] { customDomainName },
            CanonicalName = customDomainName,
            ServerFarmId = appService.ServerFarmId!
        });

        var customDomainBindingName = ResourceName("customDomainBinding");
        var customHostNameBinding = new WebAppHostNameBinding(customDomainBindingName, new WebAppHostNameBindingArgs
        {
            Name = appService.Name,
            ResourceGroupName = resourceGroup.Name,
            SiteName = appService.Name,
            HostName = customDomainName,
            SslState = SslState.SniEnabled,
            Thumbprint = managedCertificate.Thumbprint
        });
But i get the following error when running pulumi up: error: autorest/azure: Service returned an error. Status=400 Code="BadRequest" Message="Properties.CanonicalName is invalid. Certificate creation requires hostname XXX added to an App Service in the serverFarm /subscriptions/XXX/resourceGroups/XXX/providers/Microsoft.Web/serverfarms/XXX." It works only if I first deploy the custom domain binding without the certificate, and then add the certificate in a new run...
a

adventurous-butcher-54166

01/30/2024, 6:58 PM
It's a known problem – there's a cyclic dependency in the Azure API itself so this isn't possible in a single run without some kind of hacks. Cert creation depends on custom domain to be deployed and to update the SSL binding on the custom domain it needs to know the cert thumbprint.
Pulumi has explored some possible solutions that might be implemented in the future: https://www.pulumi.com/blog/exploring-circular-dependencies/
t

tall-umbrella-92870

01/31/2024, 11:47 AM
Thank you for the detailed info!