Hi guys, is there any particular reason why creating a certificate resource using next-gen requires keyvault? The terraform provider allows to create based on a pfxblob (based64 encoded string), it didn't work for me tho

It doesn’t require KeyVault, AFAIK. What’s your code and the error that you get?

Using the terraform provider I've tried this:

var cert = new Azure.AppService.Certificate("cert-identityserver-dev", new Azure.AppService.CertificateArgs {
            ResourceGroupName = resourceGroup.Name,
            Name = "cert-identity-dev",
            Password = certificatePassword,
            PfxBlob = base64cert,
            
        }, new CustomResourceOptions { DependsOn = identityServerAppPlan });

        CertificateThumbprint = cert.Thumbprint;

Pulumi up detects the changes correctly but when applying it hangs for about 7minutes and then I'm given a generic error:

azure:appservice:Certificate (cert-identityserver-dev):
    error: Error creating/updating App Service Certificate "cert-identity-dev" (Resource Group "rg-test-dev244b9b58"): web.CertificatesClient#CreateOrUpdate: Failure responding to request: StatusCode=500 -- Original Error: autorest/azure: Service returned an error. Status=500 Code="" Message="An error has occurred."

This is probably the resource you are looking for https://www.pulumi.com/docs/reference/pkg/azure-nextgen/web/certificate/

Oh okay I see, thank you for that I'll give it a go. In the meantime, any idea why that code I shared hangs and then errors? Is there anything you can tell is wrong?

Not really… 500 clearly comes from the Azure service and I don’t think that’s how it’s supposed to respond, doh. I don’t have much experience with this resource, unfortunately.

No worries thank you very much. I'm quite new to pulumi so it's not always easy to tell what went wrong 😉 I'm going to try the next-gen and see how it goes.

I was struggling with this kind of error too, the best way to debug it, was by looking at the activity log of the resource group

That's a very good pointer, I'll have a look thank you 🙂

the thing I had to realise, is that you must create the app service plan before adding any certificates, otherwise it did not work

Were you using terraform based provider or the next-gen?

next-gen

Hi @glamorous-helmet-50600 I've just responded to your support email. I managed to create a pfx certificate and using your code create a (non-next gen) certificate resource. Can you check to make sure you've created your certificate correctly

Hi @brave-planet-10645 Thank you for the response 🙂 I thought initially that it could be something with the certificate but I did try to manually upload it to the app service and worked just fine. Perhaps something wrong with how I'm converting to Base64:

var certificatePath = identityConfig.Require("certificatePath");
        var certificatePassword = identityConfig.RequireSecret("certPassword");
        var certFileBytes = File.ReadAllBytes(certificatePath);
        var base64cert = Convert.ToBase64String(certFileBytes);

I hard coded the path to my cert, but my code looks like this:

var certificatePath = "./key.pfx";
        var certificatePassword = config.RequireSecret("certPassword");
        var certFileBytes = File.ReadAllBytes(certificatePath);
        var base64cert = Convert.ToBase64String(certFileBytes);

Right, strange it didn't work for me. I'll give it another try soon with some tweaks to make it like yours. Thanks once again