
Bind managed certificate to Custom Domain for Azure Container App with az CLI fails


I am trying to create a shell script to automate the creation of a managed certificate for a Custom Domain for an Azure Container App using az CLI.

The problem I am experiencing is related to an error thrown by the az CLI command to bind an existing certificate to an existing Custom Domain; the error specifically says that a certificate with the specified name does not exist in the Container App Environment.

My next step was to use the following command to add the Custom Domain:

az containerapp hostname add -n $CONTAINER_APP_NAME -g $RESOURCE_GROUP --hostname $CUSTOM_DOMAIN --output none

create the certificate inside the CA Environment and obtain its name:

az containerapp env certificate create -g $RESOURCE_GROUP -n $CONTAINER_APP_ENV_NAME --hostname $CUSTOM_DOMAIN --validation-method CNAME --query "name" --output tsv

and finally bind the certificate to the hostname, specifying the name of the certificate obtained before.

az containerapp hostname bind -g $RESOURCE_GROUP -n $CONTAINER_APP_NAME --hostname $CUSTOM_DOMAIN --environment $CONTAINER_APP_ENV_NAME --certificate $MANAGED_CERTIFICATE_NAME --validation-method CNAME --output none

This last command terminated with an error saying that a certificate with the given name does not exist in the specified Environment.

I already created the Container Apps Environment HelloWold-Env and the Container App helloworld using Azure Portal; also, before executing the last command, I tried using the following command to list all certificates present in the Container App Environment:

az containerapp env certificate list -g $RESOURCE_GROUP -n $CONTAINER_APP_ENV_NAME --managed-certificates-only --output tsv

and it actually shows the certificate as created and successfully provisioned. I checked the name obtained with this command and the name that is returned after the creation command and they match, as well as verifying all this on Azure Portal.

Can someone help? Could this be a bug in the CLI implementation? I thought about implementing a solution using REST API calls directly but before diving into that I wanted to understand if I am missing something obvious.


Solution

  • Thanks to @Arko's comments, I tried inspecting the status of the certificate further and discovered that it was actually already correctly provisioned (status Succeeded) but the bind command still gave me the same error.

    I solved my issue by using the resource ID of the certificate, instead of its name, when specifying the certificate in the az containerapp hostname bind command. To obtain the resource ID I modified the query of the az containerapp env certificate create command, querying for "id" instead of name:

    az containerapp env certificate create -g $RESOURCE_GROUP -n $CONTAINER_APP_ENV_NAME --hostname $CUSTOM_DOMAIN --validation-method CNAME --query "id" --output tsv
    

    I do not know the origin of the issue but I suppose that it could be related to the configuration of my account and the permissions that my account has on the resources I create, since the permissions are managed by my university.
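
The sequence from the question with the fix from the answer applied, as an added example that is not part of the original post: it captures the certificate's resource ID and refuses to bind unless that value is a managed-certificate ID inside the expected environment. The function names `is_managed_cert_id` and `bind_managed_cert` and the `--run` switch are hypothetical; the ID layout checked is the ARM child-resource path under `Microsoft.App/managedEnvironments`.

```shell
#!/usr/bin/env bash
# Added example (not the poster's script): bind by resource ID, not by name.
set -euo pipefail

# Succeeds only if $1 is a managed-certificate resource ID inside environment $2.
# ARM resource names are case-insensitive, so both sides are lowercased first.
is_managed_cert_id() {
  local id env
  id=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  env=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
  case "$id" in
    /subscriptions/*/resourcegroups/*/providers/microsoft.app/managedenvironments/"$env"/managedcertificates/?*)
      return 0 ;;
    *)
      return 1 ;;
  esac
}

# Args: resource group, container app, environment, custom domain.
# Prints the certificate resource ID that was bound.
bind_managed_cert() {
  local rg=$1 app=$2 env=$3 domain=$4 cert_id
  az containerapp hostname add -n "$app" -g "$rg" --hostname "$domain" --output none
  # Query "id" instead of "name"; strip a CR that tsv output may carry on Windows.
  cert_id=$(az containerapp env certificate create -g "$rg" -n "$env" \
    --hostname "$domain" --validation-method CNAME --query "id" --output tsv | tr -d '\r')
  # Fail fast on an empty value, a bare name, or an ID from another environment.
  if ! is_managed_cert_id "$cert_id" "$env"; then
    echo "unexpected certificate id: '$cert_id'" >&2
    return 1
  fi
  az containerapp hostname bind -g "$rg" -n "$app" --hostname "$domain" \
    --environment "$env" --certificate "$cert_id" --validation-method CNAME --output none
  printf '%s\n' "$cert_id"
}

# Run for real only when asked: ./bind.sh --run (uses the question's variables).
if [ "${1:-}" = "--run" ]; then
  bind_managed_cert "$RESOURCE_GROUP" "$CONTAINER_APP_NAME" \
    "$CONTAINER_APP_ENV_NAME" "$CUSTOM_DOMAIN"
fi
```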