# general
b
Hi all! First time posting - have an issue with creating a managed certificate for a container app (want to associate a custom domain). Seems like a chicken/egg situation where domain needs to be associated with workspace but that can't be done without domain existing in the ContainerApp which then requires a certificate id.... and the loop goes on.... Any ideas on how we can achieve this? We're not bound to managed certs and happy to use Let's Encrypt if needs be.
l
You should be able to create the domain first, then the certificate, then you can associate it with something. You don't need to associate the domain with a workspace until you create a workspace.
b
Thanks for your reply @little-cartoon-10569 - we have a domain name, and have the ability to generate a managed certificate. The issue is that when we try and add custom domain to our container app, Pulumi (or Azure really) complains that the managed certificate requires the specified host name added as a custom host name to container app in environment.... seems like a circular dependency to me unless I have misunderstood?
l
A certificate requires something? Seems odd. It's just a static file. When I create a certificate, I can set any subject alternative names I want. Can you really not finish creating the certificate until after the container app has been deployed? I'm afraid that's beyond my understanding and ability to help.
b
So to be clear:
• Managed Environment can be created
• Container App can be created
• Managed Certificate can be created

When I try and set the CustomDomain in the ContainerApp - you must set BindingType, HostName and Certificate Id - this Id is being set to the Managed Certificate ID. However, I get a complaint saying...
Code="RequireCustomHostnameInEnvironment" Message="Creating managed certificate requires hostname 'myhostname.com' added as a custom hostname to a container app in environment 'mycontainerappenv-abc123'"
l
That error message suggests to me that it's trying to create a new managed certificate, rather than using the one you're providing. Could that be right?
b
That's correct - I'm asking Azure to create me a new managed certificate (as it's free)
l
So you've created a managed certificate, then when creating the CustomDomain, you're asking for a second managed certificate to be created? Could that be the issue?
b
I don't believe so - seems like there may be a way in which via Azure Classic library on creating a DNS Zone, TXT Record and CustomDomain - however, still a bit of an issue as wanting to use Managed Certificates seem to be problematic...
l
You have created a certificate and want to use it, and it exists. Then you create another resource and it gives an error saying "I've tried to create a certificate but it isn't working". Is that right? If it is, then the problem is (or seems to be) that the resource that is trying to create a certificate shouldn't be doing that. You need to find what arguments you need to pass to it in order to make it not create another certificate, and instead use the one that you've already created correctly. Sorry if I'm misunderstanding.
b
Hey @little-cartoon-10569 - no, thanks for your feedback and it's probably more I have not explained (I have raised with Pulumi support now) but to be clear this is what I am doing:
• Create a Managed Environment
• Create a Managed Certificate (which lives within Managed Environment)
• Associate Managed Certificate with ContainerApp (which lives within Managed Environment) by Id
• The problem comes when it creates the Managed Certificate (which has a specific domain name) - Pulumi / Azure complains a container app must have a domain name of the same name associated to it - but that is exactly what I'm trying to do - and that cannot be done it seems without specifying a certificate Id.... So seems like a circular dependency...
l
I don't see the circular part. The certificate already exists at that time. The error message implies that the container app is attempting to create a certificate, but you want it to not create the certificate, because you've already created it and want to use that one.
Message="Creating managed certificate requires hostname 'myhostname.com' ....
It's not "using existing...", it's "Creating...."