search

Azure / azure-cli

Azure Command-Line Interface
MIT License
3.94k stars 2.92k forks source link

az functionapp config ssl bind says thumbprint not found #28480

Open deanm0000 opened 5 months ago

deanm0000 commented 5 months ago

Describe the bug

When I run the command...

az functionapp config ssl bind \
    --certificate-thumbprint $thumbprint \
    --ssl-type SNI \
    --name "app-$func_name" \
    --resource-group $my_rg \
    --verbose

it takes about 9 seconds for it to finally say Certificate for thumbprint '{actual_thumbprint}' not found. Additionally when I run

 az functionapp config ssl list -g $my_rg

it only lists one cert, not all of them.

Related command

az functionapp create
az network dns record-set txt add-record
az network dns record-set cname create
az network dns record-set cname set-record
az functionapp config hostname add
az functionapp config ssl create
az functionapp config ssl bind

Errors

Certificate for thumbprint '{actual_thumbprint}' not found.

Issue script & Debug output

DEBUG: cli.knack.cli: Command arguments: ['functionapp', 'config', 'ssl', 'bind', '--certificate-thumbprint', '{actual_thumbprint}', '--ssl-type', 'SNI', '--name', 'app-testtestabc', '--resource-group', '{my_rg}', '--debug']
DEBUG: cli.knack.cli: __init__ debug log:
Cannot enable color.
DEBUG: cli.knack.cli: Event: Cli.PreExecute []
DEBUG: cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x01E08D60>, <function OutputProducer.on_global_arguments at 0x01FCD6A0>, <function CLIQuery.on_global_arguments at 0x01FEB2F8>]
DEBUG: cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
DEBUG: cli.azure.cli.core: Modules found from index for 'functionapp': ['azure.cli.command_modules.appservice']
DEBUG: cli.azure.cli.core: Loading command modules:
DEBUG: cli.azure.cli.core: Name                  Load Time    Groups  Commands
DEBUG: cli.azure.cli.core: appservice                0.158        66       240
DEBUG: cli.azure.cli.core: Total (1)                 0.158        66       240
DEBUG: cli.azure.cli.core: Loaded 66 groups, 240 commands.
DEBUG: cli.azure.cli.core: Found a match in the command table.
DEBUG: cli.azure.cli.core: Raw command  : functionapp config ssl bind
DEBUG: cli.azure.cli.core: Command table: functionapp config ssl bind
DEBUG: cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x04383808>]
DEBUG: cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to 'C:\Users\me\.azure\commands\2024-02-28.15-53-20.functionapp_config_ssl_bind.28000.log'.
INFO: az_command_data_logger: command args: functionapp config ssl bind --certificate-thumbprint {} --ssl-type {} --name {} --resource-group {} --debug
DEBUG: cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument.<locals>.add_subscription_parameter at 0x043BB3D0>]
DEBUG: cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
DEBUG: cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument.<locals>.add_ids_arguments at 0x043BB460>, <function register_cache_arguments.<locals>.add_cache_arguments at 0x043CA9B8>]
DEBUG: cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
DEBUG: cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
DEBUG: cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x01FCD6E8>, <function CLIQuery.handle_query_parameter at 0x01FEB340>, <function register_ids_argument.<locals>.parse_ids_arguments at 0x043CA970>]
DEBUG: cli.azure.cli.core.commands.client_factory: Getting management service client client_type=WebSiteManagementClient
DEBUG: cli.azure.cli.core.auth.persistence: build_persistence: location='C:\\Users\\me\\.azure\\msal_token_cache.bin', encrypt=True
DEBUG: cli.azure.cli.core.auth.binary_cache: load: C:\Users\me\.azure\msal_http_cache.bin
DEBUG: urllib3.util.retry: Converted retries value: 1 -> Retry(total=1, connect=None, read=None, redirect=None, status=None)
DEBUG: msal.authority: openid_config = {'token_endpoint': 'https://login.microsoftonline.com/{some_uuid}/oauth2/v2.0/token', 'token_endpoint_auth_methods_supported': ['client_secret_post', 'private_key_jwt', 'client_secret_basic'], 'jwks_uri': 'https://login.microsoftonline.com/{some_uuid}/discovery/v2.0/keys', 'response_modes_supported': ['query', 'fragment', 'form_post'], 'subject_types_supported': ['pairwise'], 'id_token_signing_alg_values_supported': ['RS256'], 'response_types_supported': ['code', 'id_token', 'code id_token', 'id_token token'], 'scopes_supported': ['openid', 'profile', 'email', 'offline_access'], 'issuer': 'https://login.microsoftonline.com/{some_uuid}/v2.0', 'request_uri_parameter_supported': False, 'userinfo_endpoint': 'https://graph.microsoft.com/oidc/userinfo', 'authorization_endpoint': 'https://login.microsoftonline.com/{some_uuid}/oauth2/v2.0/authorize', 'device_authorization_endpoint': 'https://login.microsoftonline.com/{some_uuid}/oauth2/v2.0/devicecode', 'http_logout_supported': True, 'frontchannel_logout_supported': True, 'end_session_endpoint': 'https://login.microsoftonline.com/{some_uuid}/oauth2/v2.0/logout', 'claims_supported': ['sub', 'iss', 'cloud_instance_name', 'cloud_instance_host_name', 'cloud_graph_host_name', 'msgraph_host', 'aud', 'exp', 'iat', 'auth_time', 'acr', 'nonce', 'preferred_username', 'name', 'tid', 'ver', 'at_hash', 'c_hash', 'email'], 'kerberos_endpoint': 'https://login.microsoftonline.com/{some_uuid}/kerberos', 'tenant_region_scope': 'EU', 'cloud_instance_name': 'microsoftonline.com', 'cloud_graph_host_name': 'graph.windows.net', 'msgraph_host': 'graph.microsoft.com', 'rbac_url': 'https://pas.windows.net'}
DEBUG: cli.azure.cli.core.auth.credential_adaptor: CredentialAdaptor.get_token: scopes=('https://management.core.windows.net//.default',), kwargs={}
DEBUG: cli.azure.cli.core.auth.msal_authentication: UserCredential.get_token: scopes=('https://management.core.windows.net//.default',), kwargs={}
DEBUG: msal.application: Cache hit an AT
DEBUG: msal.telemetry: Generate or reuse correlation_id: c6f203df-065e-4790-b78f-e5dbe7dd8a79
DEBUG: cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/{my_sub_uuid}/resourceGroups/{my_rg}/providers/Microsoft.Web/sites/app-testtestabc?api-version=2021-03-01'
DEBUG: cli.azure.cli.core.sdk.policies: Request method: 'GET'
DEBUG: cli.azure.cli.core.sdk.policies: Request headers:
DEBUG: cli.azure.cli.core.sdk.policies:     'Accept': 'application/json'
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-client-request-id': '679145c5-d67b-11ee-868e-683e263db24b'
DEBUG: cli.azure.cli.core.sdk.policies:     'CommandName': 'functionapp config ssl bind'
DEBUG: cli.azure.cli.core.sdk.policies:     'ParameterSetName': '--certificate-thumbprint --ssl-type --name --resource-group --debug'
DEBUG: cli.azure.cli.core.sdk.policies:     'User-Agent': 'AZURECLI/2.37.0 azsdk-python-azure-mgmt-web/6.1.0 Python/3.10.4 (Windows-10-10.0.19045-SP0)'
DEBUG: cli.azure.cli.core.sdk.policies:     'Authorization': '*****'
DEBUG: cli.azure.cli.core.sdk.policies: Request body:
DEBUG: cli.azure.cli.core.sdk.policies: This request has no body
DEBUG: urllib3.connectionpool: Starting new HTTPS connection (1): management.azure.com:443
DEBUG: urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/{my_sub_uuid}/resourceGroups/{my_rg}/providers/Microsoft.Web/sites/app-testtestabc?api-version=2021-03-01 HTTP/1.1" 200 7334
DEBUG: cli.azure.cli.core.sdk.policies: Response status: 200
DEBUG: cli.azure.cli.core.sdk.policies: Response headers:
DEBUG: cli.azure.cli.core.sdk.policies:     'Cache-Control': 'no-cache'
DEBUG: cli.azure.cli.core.sdk.policies:     'Pragma': 'no-cache'
DEBUG: cli.azure.cli.core.sdk.policies:     'Content-Length': '7334'
DEBUG: cli.azure.cli.core.sdk.policies:     'Content-Type': 'application/json'
DEBUG: cli.azure.cli.core.sdk.policies:     'Expires': '-1'
DEBUG: cli.azure.cli.core.sdk.policies:     'ETag': '"1DA6A82EA1ED6F5"'
DEBUG: cli.azure.cli.core.sdk.policies:     'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-request-id': 'b1572013-d442-4a84-b906-312e794e9585'
DEBUG: cli.azure.cli.core.sdk.policies:     'X-AspNet-Version': '4.0.30319'
DEBUG: cli.azure.cli.core.sdk.policies:     'X-Powered-By': 'ASP.NET'
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-ratelimit-remaining-subscription-reads': '11999'
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-correlation-request-id': '0971a225-ce59-4851-9675-403603946034'
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-routing-request-id': 'EASTUS:20240228T205321Z:0971a225-ce59-4851-9675-403603946034'
DEBUG: cli.azure.cli.core.sdk.policies:     'X-Content-Type-Options': 'nosniff'
DEBUG: cli.azure.cli.core.sdk.policies:     'X-Cache': 'CONFIG_NOCACHE'
DEBUG: cli.azure.cli.core.sdk.policies:     'X-MSEdge-Ref': 'Ref A: CB30F3073C0E4B6B954BA5B0955148BF Ref B: BN1AA2051015029 Ref C: 2024-02-28T20:53:21Z'
DEBUG: cli.azure.cli.core.sdk.policies:     'Date': 'Wed, 28 Feb 2024 20:53:20 GMT'
DEBUG: cli.azure.cli.core.sdk.policies: Response content:
DEBUG: cli.azure.cli.core.sdk.policies: {"id":"/subscriptions/{my_sub_uuid}/resourceGroups/{my_rg}/providers/Microsoft.Web/sites/app-testtestabc","name":"app-testtestabc","type":"Microsoft.Web/sites","kind":"functionapp,linux","location":"East US","tags":{"billingIdentifier":"Segment Support Projects AMER (Danielson, MacGregor)","legalEntity":"USSP","region":"AMER","resourceOwner":"segment.projects.amer@baywa-re.com"},"properties":{"name":"app-testtestabc","state":"Running","hostNames":["testtestabc.usspapps.com","app-testtestabc.azurewebsites.net"],"webSpace":"{my_rg}-EastUSwebspace-Linux","selfLink":"https://waws-prod-blu-089.api.azurewebsites.windows.net:454/subscriptions/{my_sub_uuid}/webspaces/{my_rg}-EastUSwebspace-Linux/sites/app-testtestabc","repositorySiteName":"app-testtestabc","owner":null,"usageState":"Normal","enabled":true,"adminEnabled":true,"afdEnabled":false,"enabledHostNames":["testtestabc.usspapps.com","app-testtestabc.azurewebsites.net","app-testtestabc.scm.azurewebsites.net"],"siteProperties":{"metadata":null,"properties":[{"name":"LinuxFxVersion","value":"Python|3.11"},{"name":"WindowsFxVersion","value":null}],"appSettings":null},"availabilityState":"Normal","sslCertificates":null,"csrs":[],"cers":null,"siteMode":null,"hostNameSslStates":[{"name":"app-testtestabc.azurewebsites.net","sslState":"Disabled","ipBasedSslResult":null,"virtualIP":null,"virtualIPv6":null,"thumbprint":null,"certificateResourceId":null,"toUpdate":null,"toUpdateIpBasedSsl":null,"ipBasedSslState":"NotConfigured","hostType":"Standard"},{"name":"testtestabc.usspapps.com","sslState":"Disabled","ipBasedSslResult":null,"virtualIP":null,"virtualIPv6":null,"thumbprint":null,"certificateResourceId":null,"toUpdate":null,"toUpdateIpBasedSsl":null,"ipBasedSslState":"NotConfigured","hostType":"Standard"},{"name":"app-testtestabc.scm.azurewebsites.net","sslState":"Disabled","ipBasedSslResult":null,"virtualIP":null,"virtualIPv6":null,"thumbprint":null,"certificateResourceId":null,"toUpdate":null,"toUpdateIpBasedSsl":null,"ipBasedSslState":"NotConfigured","hostType":"Repository"}],"computeMode":null,"serverFarm":null,"serverFarmId":"/subscriptions/{my_sub_uuid}/resourceGroups/{my_rg}/providers/Microsoft.Web/serverfarms/ASP-app-ercosppprices-3bdf","reserved":true,"isXenon":false,"hyperV":false,"lastModifiedTimeUtc":"2024-02-28T20:15:46.7033333","storageRecoveryDefaultState":"Running","contentAvailabilityState":"Normal","runtimeAvailabilityState":"Normal","dnsConfiguration":{},"vnetRouteAllEnabled":false,"containerAllocationSubnet":null,"useContainerLocalhostBindings":null,"vnetImagePullEnabled":false,"vnetContentShareEnabled":false,"siteConfig":{"numberOfWorkers":1,"defaultDocuments":null,"netFrameworkVersion":null,"phpVersion":null,"pythonVersion":null,"nodeVersion":null,"powerShellVersion":null,"linuxFxVersion":"Python|3.11","windowsFxVersion":null,"windowsConfiguredStacks":null,"requestTracingEnabled":null,"remoteDebuggingEnabled":null,"remoteDebuggingVersion":null,"httpLoggingEnabled":null,"azureMonitorLogCategories":null,"acrUseManagedIdentityCreds":false,"acrUserManagedIdentityID":null,"logsDirectorySizeLimit":null,"detailedErrorLoggingEnabled":null,"publishingUsername":null,"publishingPassword":null,"appSettings":null,"metadata":null,"connectionStrings":null,"machineKey":null,"handlerMappings":null,"documentRoot":null,"scmType":null,"use32BitWorkerProcess":null,"webSocketsEnabled":null,"alwaysOn":false,"javaVersion":null,"javaContainer":null,"javaContainerVersion":null,"appCommandLine":null,"managedPipelineMode":null,"virtualApplications":null,"winAuthAdminState":null,"winAuthTenantState":null,"customAppPoolIdentityAdminState":null,"customAppPoolIdentityTenantState":null,"runtimeADUser":null,"runtimeADUserPassword":null,"loadBalancing":null,"routingRules":null,"experiments":null,"limits":null,"autoHealEnabled":null,"autoHealRules":null,"tracingOptions":null,"vnetName":null,"vnetRouteAllEnabled":null,"vnetPrivatePortsCount":null,"publicNetworkAccess":null,"cors":null,"push":null,"apiDefinition":null,"apiManagementConfig":null,"autoSwapSlotName":null,"localMySqlEnabled":null,"managedServiceIdentityId":null,"xManagedServiceIdentityId":null,"keyVaultReferenceIdentity":null,"ipSecurityRestrictions":null,"ipSecurityRestrictionsDefaultAction":null,"scmIpSecurityRestrictions":null,"scmIpSecurityRestrictionsDefaultAction":null,"scmIpSecurityRestrictionsUseMain":null,"http20Enabled":true,"minTlsVersion":null,"minTlsCipherSuite":null,"supportedTlsCipherSuites":null,"scmMinTlsVersion":null,"ftpsState":null,"preWarmedInstanceCount":null,"functionAppScaleLimit":200,"elasticWebAppScaleLimit":null,"healthCheckPath":null,"fileChangeAuditEnabled":null,"functionsRuntimeScaleMonitoringEnabled":null,"websiteTimeZone":null,"minimumElasticInstanceCount":0,"azureStorageAccounts":null,"http20ProxyFlag":null,"sitePort":null,"antivirusScanEnabled":null,"storageType":null,"sitePrivateLinkHostEnabled":null},"functionAppConfig":null,"daprConfig":null,"deploymentId":"app-testtestabc","slotName":null,"trafficManagerHostNames":null,"sku":"Dynamic","scmSiteAlsoStopped":false,"targetSwapSlot":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"clientAffinityEnabled":false,"clientCertEnabled":false,"clientCertMode":"Required","clientCertExclusionPaths":null,"hostNamesDisabled":false,"ipMode":"IPv4","vnetBackupRestoreEnabled":false,"domainVerificationIdentifiers":null,"customDomainVerificationId":"2C7D7F27B4AE5ED68E5B957B9EB8A93B0BA73E2EE823FD526FFD30B912A5D0BC","kind":"functionapp,linux","managedEnvironmentId":null,"workloadProfileName":null,"resourceConfig":null,"inboundIpAddress":"40.71.177.34","possibleInboundIpAddresses":"40.71.177.34","ftpUsername":"app-testtestabc\\$app-testtestabc","ftpsHostName":"ftps://waws-prod-blu-089.ftp.azurewebsites.windows.net/site/wwwroot","outboundIpAddresses":"40.71.1.129,52.170.233.65,40.71.3.54,52.191.115.185,40.71.177.34","possibleOutboundIpAddresses":"40.71.1.129,52.170.233.65,40.71.3.54,52.191.115.185,104.211.20.160,104.211.22.67,20.253.0.46,20.253.0.172,20.253.0.252,20.253.1.6,20.253.1.7,20.253.3.130,20.83.130.84,20.83.130.143,20.83.131.80,20.83.131.189,20.83.131.228,20.83.131.238,40.71.177.34","containerSize":0,"dailyMemoryTimeQuota":0,"suspendedTill":null,"siteDisabledReason":0,"functionExecutionUnitsCache":null,"maxNumberOfWorkers":null,"homeStamp":"waws-prod-blu-089","cloningInfo":null,"hostingEnvironmentId":null,"tags":{"billingIdentifier":"Segment Support Projects AMER (Danielson, MacGregor)","legalEntity":"USSP","region":"AMER","resourceOwner":"segment.projects.amer@baywa-re.com"},"resourceGroup":"{my_rg}","defaultHostName":"app-testtestabc.azurewebsites.net","slotSwapStatus":null,"httpsOnly":false,"endToEndEncryptionEnabled":false,"functionsRuntimeAdminIsolationEnabled":false,"redundancyMode":"None","inProgressOperationId":null,"geoDistributions":null,"privateEndpointConnections":[],"publicNetworkAccess":null,"buildVersion":null,"targetBuildVersion":null,"migrationState":null,"eligibleLogCategories":"FunctionAppLogs","inFlightFeatures":["SiteContainers"],"storageAccountRequired":false,"virtualNetworkSubnetId":null,"keyVaultReferenceIdentity":"SystemAssigned","defaultHostNameScope":"Global","privateLinkIdentifiers":null,"sshEnabled":null}}
DEBUG: cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/{my_sub_uuid}/resourceGroups/{my_rg}/providers/Microsoft.Web/certificates?api-version=2021-03-01'
DEBUG: cli.azure.cli.core.sdk.policies: Request method: 'GET'
DEBUG: cli.azure.cli.core.sdk.policies: Request headers:
DEBUG: cli.azure.cli.core.sdk.policies:     'Accept': 'application/json'
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-client-request-id': '679145c5-d67b-11ee-868e-683e263db24b'
DEBUG: cli.azure.cli.core.sdk.policies:     'CommandName': 'functionapp config ssl bind'
DEBUG: cli.azure.cli.core.sdk.policies:     'ParameterSetName': '--certificate-thumbprint --ssl-type --name --resource-group --debug'
DEBUG: cli.azure.cli.core.sdk.policies:     'User-Agent': 'AZURECLI/2.37.0 azsdk-python-azure-mgmt-web/6.1.0 Python/3.10.4 (Windows-10-10.0.19045-SP0)'
DEBUG: cli.azure.cli.core.sdk.policies:     'Authorization': '*****'
DEBUG: cli.azure.cli.core.sdk.policies: Request body:
DEBUG: cli.azure.cli.core.sdk.policies: This request has no body
DEBUG: urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/{my_sub_uuid}/resourceGroups/{my_rg}/providers/Microsoft.Web/certificates?api-version=2021-03-01 HTTP/1.1" 200 1179
DEBUG: cli.azure.cli.core.sdk.policies: Response status: 200
DEBUG: cli.azure.cli.core.sdk.policies: Response headers:
DEBUG: cli.azure.cli.core.sdk.policies:     'Cache-Control': 'no-cache'
DEBUG: cli.azure.cli.core.sdk.policies:     'Pragma': 'no-cache'
DEBUG: cli.azure.cli.core.sdk.policies:     'Content-Length': '1179'
DEBUG: cli.azure.cli.core.sdk.policies:     'Content-Type': 'application/json'
DEBUG: cli.azure.cli.core.sdk.policies:     'Expires': '-1'
DEBUG: cli.azure.cli.core.sdk.policies:     'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-request-id': 'cf95c85d-3d94-47c7-9137-5c414c8db712'
DEBUG: cli.azure.cli.core.sdk.policies:     'X-AspNet-Version': '4.0.30319'
DEBUG: cli.azure.cli.core.sdk.policies:     'X-Powered-By': 'ASP.NET'
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-ratelimit-remaining-subscription-reads': '11998'
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-correlation-request-id': 'cc279a16-7cd2-4c18-a219-c956d31f38cc'
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-routing-request-id': 'EASTUS:20240228T205321Z:cc279a16-7cd2-4c18-a219-c956d31f38cc'
DEBUG: cli.azure.cli.core.sdk.policies:     'X-Content-Type-Options': 'nosniff'
DEBUG: cli.azure.cli.core.sdk.policies:     'X-Cache': 'CONFIG_NOCACHE'
DEBUG: cli.azure.cli.core.sdk.policies:     'X-MSEdge-Ref': 'Ref A: 0E256F6779BA4C7EAE70A3BBC90F1391 Ref B: BN1AA2051015029 Ref C: 2024-02-28T20:53:21Z'
DEBUG: cli.azure.cli.core.sdk.policies:     'Date': 'Wed, 28 Feb 2024 20:53:20 GMT'
DEBUG: cli.azure.cli.core.sdk.policies: Response content:
DEBUG: cli.azure.cli.core.sdk.policies: {"value":[{"id":"/subscriptions/{my_sub_uuid}/resourceGroups/{my_rg}/providers/Microsoft.Web/certificates/dash.usspapps.com-app-dash-undefined","name":"dash.usspapps.com-app-dash-undefined","type":"Microsoft.Web/certificates","location":"East US","tags":{"legalEntity":"USSP","resourceOwner":"segment.projects.amer@baywa-re.com","region":"AMER","billingIdentifier":"Segment Support Projects AMER (Danielson, MacGregor)"},"properties":{"password":null,"friendlyName":"","subjectName":"dash.usspapps.com","hostNames":["dash.usspapps.com"],"pfxBlob":null,"siteName":null,"selfLink":null,"issuer":"GeoTrust Global TLS RSA4096 SHA256 2022 CA1","issueDate":"2023-10-20T00:00:00+00:00","expirationDate":"2024-04-20T23:59:59+00:00","thumbprint":"200D5031374761F1789B8618228134DAC493BEBE","valid":null,"toDelete":null,"cerBlob":null,"publicKeyHash":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"keyVaultId":"","keyVaultSecretName":"","keyVaultSecretStatus":"Succeeded","webSpace":"{my_rg}-EastUSwebspace-Linux","serverFarmId":null,"canonicalName":"dash.usspapps.com","tags":null,"resourceGroup":"{my_rg}"}}],"nextLink":null,"id":null}
DEBUG: cli.azure.cli.core.sdk.policies: Request URL: 'https://management.azure.com/subscriptions/{my_sub_uuid}/resourceGroups/{my_rg}/providers/Microsoft.Web/certificates?api-version=2021-03-01'
DEBUG: cli.azure.cli.core.sdk.policies: Request method: 'GET'
DEBUG: cli.azure.cli.core.sdk.policies: Request headers:
DEBUG: cli.azure.cli.core.sdk.policies:     'Accept': 'application/json'
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-client-request-id': '679145c5-d67b-11ee-868e-683e263db24b'
DEBUG: cli.azure.cli.core.sdk.policies:     'CommandName': 'functionapp config ssl bind'
DEBUG: cli.azure.cli.core.sdk.policies:     'ParameterSetName': '--certificate-thumbprint --ssl-type --name --resource-group --debug'
DEBUG: cli.azure.cli.core.sdk.policies:     'User-Agent': 'AZURECLI/2.37.0 azsdk-python-azure-mgmt-web/6.1.0 Python/3.10.4 (Windows-10-10.0.19045-SP0)'
DEBUG: cli.azure.cli.core.sdk.policies:     'Authorization': '*****'
DEBUG: cli.azure.cli.core.sdk.policies: Request body:
DEBUG: cli.azure.cli.core.sdk.policies: This request has no body
DEBUG: urllib3.connectionpool: https://management.azure.com:443 "GET /subscriptions/{my_sub_uuid}/resourceGroups/{my_rg}/providers/Microsoft.Web/certificates?api-version=2021-03-01 HTTP/1.1" 200 1179
DEBUG: cli.azure.cli.core.sdk.policies: Response status: 200
DEBUG: cli.azure.cli.core.sdk.policies: Response headers:
DEBUG: cli.azure.cli.core.sdk.policies:     'Cache-Control': 'no-cache'
DEBUG: cli.azure.cli.core.sdk.policies:     'Pragma': 'no-cache'
DEBUG: cli.azure.cli.core.sdk.policies:     'Content-Length': '1179'
DEBUG: cli.azure.cli.core.sdk.policies:     'Content-Type': 'application/json'
DEBUG: cli.azure.cli.core.sdk.policies:     'Expires': '-1'
DEBUG: cli.azure.cli.core.sdk.policies:     'Strict-Transport-Security': 'max-age=31536000; includeSubDomains'
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-request-id': '09d8fe06-2d36-4151-8b66-bffd0b46f2e6'
DEBUG: cli.azure.cli.core.sdk.policies:     'X-AspNet-Version': '4.0.30319'
DEBUG: cli.azure.cli.core.sdk.policies:     'X-Powered-By': 'ASP.NET'
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-ratelimit-remaining-subscription-reads': '11999'
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-correlation-request-id': 'ad1eddba-e559-45e4-94ae-1579c4d04d42'
DEBUG: cli.azure.cli.core.sdk.policies:     'x-ms-routing-request-id': 'EASTUS:20240228T205321Z:ad1eddba-e559-45e4-94ae-1579c4d04d42'
DEBUG: cli.azure.cli.core.sdk.policies:     'X-Content-Type-Options': 'nosniff'
DEBUG: cli.azure.cli.core.sdk.policies:     'X-Cache': 'CONFIG_NOCACHE'
DEBUG: cli.azure.cli.core.sdk.policies:     'X-MSEdge-Ref': 'Ref A: EFE20AF96B32477AB3825FD2BA4DBF9A Ref B: BN1AA2051015029 Ref C: 2024-02-28T20:53:21Z'
DEBUG: cli.azure.cli.core.sdk.policies:     'Date': 'Wed, 28 Feb 2024 20:53:21 GMT'
DEBUG: cli.azure.cli.core.sdk.policies: Response content:
DEBUG: cli.azure.cli.core.sdk.policies: {"value":[{"id":"/subscriptions/{my_sub_uuid}/resourceGroups/{my_rg}/providers/Microsoft.Web/certificates/dash.usspapps.com-app-dash-undefined","name":"dash.usspapps.com-app-dash-undefined","type":"Microsoft.Web/certificates","location":"East US","tags":{"legalEntity":"USSP","resourceOwner":"segment.projects.amer@baywa-re.com","region":"AMER","billingIdentifier":"Segment Support Projects AMER (Danielson, MacGregor)"},"properties":{"password":null,"friendlyName":"","subjectName":"dash.usspapps.com","hostNames":["dash.usspapps.com"],"pfxBlob":null,"siteName":null,"selfLink":null,"issuer":"GeoTrust Global TLS RSA4096 SHA256 2022 CA1","issueDate":"2023-10-20T00:00:00+00:00","expirationDate":"2024-04-20T23:59:59+00:00","thumbprint":"200D5031374761F1789B8618228134DAC493BEBE","valid":null,"toDelete":null,"cerBlob":null,"publicKeyHash":null,"hostingEnvironment":null,"hostingEnvironmentProfile":null,"keyVaultId":"","keyVaultSecretName":"","keyVaultSecretStatus":"Succeeded","webSpace":"{my_rg}-EastUSwebspace-Linux","serverFarmId":null,"canonicalName":"dash.usspapps.com","tags":null,"resourceGroup":"{my_rg}"}}],"nextLink":null,"id":null}
DEBUG: cli.azure.cli.core.util: azure.cli.core.util.handle_exception is called with an exception:
DEBUG: cli.azure.cli.core.util: Traceback (most recent call last):
  File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\knack/cli.py", line 231, in invoke
  File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 663, in execute
  File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 726, in _run_jobs_serially
  File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 718, in _run_job
  File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/appservice/commands.py", line 39, in _ex_handler
  File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 697, in _run_job
  File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/__init__.py", line 333, in __call__
  File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/core/commands/command_operation.py", line 121, in handler
  File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/appservice/custom.py", line 2842, in bind_ssl_cert
  File "D:\a\1\s\build_scripts\windows\artifacts\cli\Lib\site-packages\azure/cli/command_modules/appservice/custom.py", line 2837, in _update_ssl_binding
azure.cli.core.azclierror.ResourceNotFoundError: Certificate for thumbprint '{actual_thumbprint}' not found.

ERROR: cli.azure.cli.core.azclierror: Certificate for thumbprint '{actual_thumbprint}' not found.
ERROR: az_command_data_logger: Certificate for thumbprint '{actual_thumbprint}' not found.
DEBUG: cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x04383928>]
INFO: az_command_data_logger: exit code: 3
INFO: cli.__main__: Command ran in 2.318 seconds (init: 0.512, invoke: 1.806)
INFO: telemetry.save: Save telemetry record of length 3103 in cache
WARNING: telemetry.check: Negative: The C:\Users\me\.azure\telemetry.txt was modified at 2024-02-28 15:51:23.476812, which in less than 600.000000 s

Expected behavior

It should work.

Environment Summary

azure-cli 2.37.0 *

core 2.37.0 telemetry 1.0.6

Dependencies: msal 1.18.0b1 azure-mgmt-resource 21.1.0b1

Additional context

I noticed in the debug log that it's running the equivalent of az functionapp config ssl list so it seems the issue is that that isn't returning all the certs.

Additionally, I'm able to bind the cert to the function app through the portal. I want to be able to run all these commands in a script and not need to do every step in the portal.

azure-client-tools-bot-prd[bot] commented 5 months ago

Hi @deanm0000,

2.37.0 is not the latest Azure CLI(2.57.0).

If you haven't already attempted to do so, please upgrade to the latest Azure CLI version by following https://learn.microsoft.com/en-us/cli/azure/update-azure-cli.

yonzhan commented 5 months ago

Thank you for opening this issue, we will look into it.

microsoft-github-policy-service[bot] commented 5 months ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @AnatoliB, @Francisco-Gamino, @shreyabatra4.

microsoft-github-policy-service[bot] commented 5 months ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @dnssuppgithub.

microsoft-github-policy-service[bot] commented 5 months ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @AnatoliB, @Francisco-Gamino, @shreyabatra4.

microsoft-github-policy-service[bot] commented 5 months ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @dnssuppgithub.

deanm0000 commented 5 months ago

I updated my AZ cli and it mostly works now. `az functionapp config ssl list -g my_rg still only returns one thing but that was only an incidental concern.

CodingBricked commented 5 months ago

There seems to be some breaking change applied recently with regards to the managed certificates which are no longer returning thumbprints. This is affecting my pipelines which can no longer bind these certificates to Azure App Services.

There is various chatter about these functionality being removed as early as 2021 , however this was working for me earlier this week.

az webapp config ssl list no longer lists these certificates. (it did last week) az webapp config ssl bind will no longer bind a certificate even if you manage to find the thumbprint. (by binding it in the portal, taking the thumbprint, and attempting to rebind it)

None of the hostname bindings now show a thumbprint in resource explorer.

The Pulumi.AzureNative.Web.Certificate provider no longer returns a thumbprint, this is built off the ARM API for web.certificate.

Not sure what the internal thinking is behind this but it doesn't make any sense to drop all of the thumbprint features (3 years after saying you were going to do it last time) and not provide guidance or information on how we should be managing these going forward.

It's completely broken all automated pipelines using these api endpoints.