This message was deleted.

It doesn’t require KeyVault, AFAIK. What’s your code and the error that you get?

Using the terraform provider I've tried this:

var cert = new Azure.AppService.Certificate("cert-identityserver-dev", new Azure.AppService.CertificateArgs {
            ResourceGroupName = resourceGroup.Name,
            Name = "cert-identity-dev",
            Password = certificatePassword,
            PfxBlob = base64cert,
            
        }, new CustomResourceOptions { DependsOn = identityServerAppPlan });

        CertificateThumbprint = cert.Thumbprint;

Pulumi up detects the changes correctly but when applying it hangs for about 7minutes and then I'm given a generic error:

azure:appservice:Certificate (cert-identityserver-dev):
    error: Error creating/updating App Service Certificate "cert-identity-dev" (Resource Group "rg-test-dev244b9b58"): web.CertificatesClient#CreateOrUpdate: Failure responding to request: StatusCode=500 -- Original Error: autorest/azure: Service returned an error. Status=500 Code="" Message="An error has occurred."

This is probably the resource you are looking for https://www.pulumi.com/docs/reference/pkg/azure-nextgen/web/certificate/

Oh okay I see, thank you for that I'll give it a go. In the meantime, any idea why that code I shared hangs and then errors? Is there anything you can tell is wrong?

Not really… 500 clearly comes from the Azure service and I don’t think that’s how it’s supposed to respond, doh. I don’t have much experience with this resource, unfortunately.

No worries thank you very much. I'm quite new to pulumi so it's not always easy to tell what went wrong 😉 I'm going to try the next-gen and see how it goes.

I was struggling with this kind of error too, the best way to debug it, was by looking at the activity log of the resource group

That's a very good pointer, I'll have a look thank you 🙂

the thing I had to realise, is that you must create the app service plan before adding any certificates, otherwise it did not work

Were you using terraform based provider or the next-gen?

next-gen

Hi @glamorous-helmet-50600 I've just responded to your support email. I managed to create a pfx certificate and using your code create a (non-next gen) certificate resource. Can you check to make sure you've created your certificate correctly

Hi @brave-planet-10645 Thank you for the response 🙂 I thought initially that it could be something with the certificate but I did try to manually upload it to the app service and worked just fine. Perhaps something wrong with how I'm converting to Base64:

var certificatePath = identityConfig.Require("certificatePath");
        var certificatePassword = identityConfig.RequireSecret("certPassword");
        var certFileBytes = File.ReadAllBytes(certificatePath);
        var base64cert = Convert.ToBase64String(certFileBytes);

I hard coded the path to my cert, but my code looks like this:

var certificatePath = "./key.pfx";
        var certificatePassword = config.RequireSecret("certPassword");
        var certFileBytes = File.ReadAllBytes(certificatePath);
        var base64cert = Convert.ToBase64String(certFileBytes);

Right, strange it didn't work for me. I'll give it another try soon with some tweaks to make it like yours. Thanks once again