# general


06/01/2022, 10:24 PM
Still looking for a fix for enabling Azure managed certificates on a Web App - specifically using a traffic manager in front of the endpoints which allows https.
It looks like Azure / Pulumi integration is not great currently. The docs are not very good at explaining how or what to pass into the binding to get it working as expected. Would love for someone to look into this issue further 🙂
Looks like its related to this open issue: I will try some solutions today.


06/01/2022, 11:10 PM
Ha I was about to paste you the link to that issue... it sucked my soul for days to get to a fix for those certs. Try my workaround with the two passes
And also consider whether you need Web App, or could you do your deployment using Static Site?
We've since switched most of our code to static sites and it's cut our pulumi resources down to 10% of what they were before, lot less complexity and Azure cost


06/01/2022, 11:30 PM
Hey Marko, Ill give it a try now
👍 1
Sadly we still have issues, even by creating a binding before the certificate, and then re-running, the binding cannot be updated. Pulumi wants to remove and re-create it, which It cannot do as its already in use.
Following a similar process as you, where we had a catch for when a binding did not exist, then when it did exist, create the cert and update the binding.
Here is what happens when I try update the binding after creating the certificate. It tries to replace the current binding; but this does not work as we get another error, which states that we can only remove the domain via the traffic manager (remove the endpoint I assume). I pretty much followed your suggestion. Just wondering if we can force that existing binding to be updated instead of removed?
So the steps taken to reproduce: 1. Create a Azure Webapp 2. Create the a traffic manager profile and an external endpoint, pointing to the app. 3. Create a base hostname binding, without
set, this links the app to the traffic manager endpoint. 4. Create the certificate on that app, which points to the Traffic Manager endpoint we setup earlier. 5. Update the hostname binding with the
set. a. This is where I am stuck, it wants to delete and re-create this, but It cannot as it is in use by the traffic manager endpoint that was created.) b. We also cannot remove the endpoint, and the original binding in the app is using it, creating our circular dependency.