Open ezYakaEagle442 opened 2 years ago
Currently, ASA does not support cert auto renewal. Since the cert is stored in the user's keyvault, ASA does not know the status of the cert and may also be unable to access the resource. We've backlogged this request and may plan it in the future.
Customers need to manually update the cert. First, import the cert "newcert", then update the cert with "az spring-cloud app custom-domain update -s {serviceName} -g {resourceGroup} --app {appName} --domain-name {domainName} --certificate newcert"
Hi, even if ASA isn't aware of the original certificate in the keyvault, we should at least be able to update the certificate which is stored in ASA under the same name, with a command like:
az spring certificate add -g resourcegroup -s asaname --name cert-name-in-asa --vault-uri https://kv-name.vault.azure.net --vault-certificate-name cert-name-in-kv
But, as the certificate already exists with the name cert-name-in-asa in the Azure Spring Apps, it will fail with the message:
ERROR: Certificate with name 'cert-name-in-asa' already exists
Even if the certificate in the keyvault has changed, it won't update it.
But it would of course be great if ASA automatically updated its certificate from the original one from the keyvault :)
@allxiao, I suppose updating the same cert is surely supported, to override the old one with the same name. Could you please ask the corresponding engineer to comment here?
https://learn.microsoft.com/en-us/azure/spring-apps/tutorial-custom-domain?tabs=Azure-portal#import-certificate shows how to import a certificate from KV when setting up Custom Domain in KV. However, while KV supports certificate rotation, the certificate is then not updated in ASA.
To Reproduce Steps to reproduce the behavior:
Expected behavior The Custom Domain Certificate should be updated in ASA
Screenshots N/A
Additional context None
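The manual workaround discussed in this thread (import the rotated certificate under a new name, then rebind the custom domain), written as a drift check that can run on a schedule. This is an added example, not code from the thread or from the ASA project. It assumes that `az keyvault certificate show` exposes `x509ThumbprintHex`, that `az spring certificate show` exposes `properties.thumbprint`, and that `az spring app custom-domain update` is the `az spring` form of the `az spring-cloud` command quoted above; the naming scheme is hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): detect Key Vault -> ASA certificate drift
# and rebind the custom domain. Query paths below are assumed CLI output fields.

# Normalize a thumbprint: drop separators/whitespace, uppercase the hex.
norm_tp() { printf '%s' "$1" | tr -d ': \r\n' | tr '[:lower:]' '[:upper:]'; }

# Succeeds (0) when the ASA copy no longer matches the current Key Vault version.
cert_drifted() { [ "$(norm_tp "$1")" != "$(norm_tp "$2")" ]; }

# Hypothetical naming scheme: <kv-cert-name>-<first 8 hex of thumbprint>.
# A fresh name is needed because re-adding an existing name is rejected.
new_cert_name() {
  printf '%s-%s' "$1" "$(norm_tp "$2" | cut -c1-8 | tr '[:upper:]' '[:lower:]')"
}

# sync_cert RG SERVICE APP DOMAIN VAULT KV_CERT ASA_CERT
# Prints "in-sync" or "rebound:<new name>"; returns 2 on lookup failure,
# 3 when the import or the rebind fails.
sync_cert() {
  local rg="$1" svc="$2" app="$3" domain="$4" vault="$5" kv_cert="$6" asa_cert="$7"
  local kv_tp asa_tp name
  kv_tp=$(az keyvault certificate show --vault-name "$vault" --name "$kv_cert" \
            --query x509ThumbprintHex -o tsv) || return 2
  asa_tp=$(az spring certificate show -g "$rg" -s "$svc" --name "$asa_cert" \
            --query properties.thumbprint -o tsv) || return 2
  [ -n "$kv_tp" ] && [ -n "$asa_tp" ] || return 2
  if ! cert_drifted "$kv_tp" "$asa_tp"; then
    echo "in-sync"; return 0
  fi
  name=$(new_cert_name "$kv_cert" "$kv_tp")
  az spring certificate add -g "$rg" -s "$svc" --name "$name" \
     --vault-uri "https://$vault.vault.azure.net" \
     --vault-certificate-name "$kv_cert" >/dev/null || return 3
  az spring app custom-domain update -g "$rg" -s "$svc" --app "$app" \
     --domain-name "$domain" --certificate "$name" >/dev/null || return 3
  echo "rebound:$name"
}
```

The superseded certificate stays in ASA under its old name after a rebind, so it still has to be removed separately once the domain serves the new one.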