Open thasimongyldendal opened 12 hours ago
Thank you for opening this issue, we will look into it.
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @calvinsID.
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @AzureAppServiceCLI, @antcp.
same problem here
Workaround for now:

```powershell
$resourceGroup = 'yourResourceGroup'
$dnsZone = "qa.example.com"
$subscriptionId = 'yourSubscription'
$plan = 'yourPlan'
$location = 'yourLocation'

# Request body for the Microsoft.Web/certificates resource (App Service managed certificate).
$certificateCreationRequest = @{
    name       = $dnsZone;
    location   = $location;
    properties = @{
        canonicalName          = $dnsZone;
        # Override the validation method instead of the CNAME check the CLI command enforces.
        domainValidationMethod = 'http-token';
        serverFarmId           = "/subscriptions/$subscriptionId/resourceGroups/$resourceGroup/providers/Microsoft.Web/serverfarms/$plan"
    }
}

$url = "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroup/providers/Microsoft.Web/certificates/${dnsZone}?api-version=2023-12-01"

# Escape the double quotes so the JSON survives being passed from PowerShell to az.
$json = ($certificateCreationRequest | ConvertTo-Json -Compress) -replace '"', '\"'
az rest --method PUT --url $url --body $json
```
This allows me to create the certificate and bind it without CNAME validation being forced. This is NOT possible in the portal or with az cli directly. Most likely I will use Bicep to create the certificate instead of az cli, but hopefully you can allow us to override the domainValidationMethod in the command.
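A pre-flight check for the situation in this thread, as an added example that is not part of the issue or of azure-cli: it inspects the hostname's DNS records and reports whether `az webapp config ssl create` can be expected to pass its CNAME check or whether the `az rest` workaround with `http-token` applies. The function name `Get-CertValidationPlan`, the decision rules (derived from the error message and the workaround above) and the sample records are assumptions made for illustration.

```powershell
# Added example, not code from the issue or from azure-cli.
# Input records use the property names Resolve-DnsName returns (Name, Type, NameHost).
function Get-CertValidationPlan {
    param(
        [Parameter(Mandatory)] [string] $HostName,
        [AllowEmptyCollection()] [object[]] $Records = @()
    )
    # Only records owned by the hostname itself count; a resolver also returns
    # the records of any CNAME target, which must not be mistaken for an A record.
    $own   = @($Records | Where-Object { $_.Name -eq $HostName })
    $cname = @($own | Where-Object { $_.Type -eq 'CNAME' })
    $a     = @($own | Where-Object { $_.Type -eq 'A' })
    $asuid = @($Records | Where-Object { $_.Type -eq 'TXT' -and $_.Name -eq "asuid.$HostName" })

    if ($cname.Count -gt 0 -and $cname[0].NameHost -like '*.azurewebsites.net') {
        # The condition the error message in this issue asks for.
        $path = 'az webapp config ssl create'; $method = $null
    } elseif ($cname.Count -gt 0) {
        # CNAME to something else: not covered by this thread, so no recommendation.
        $path = 'undetermined'; $method = $null
    } elseif ($a.Count -gt 0) {
        # A record only: the case from this issue; use the az rest workaround.
        $path = 'az rest PUT Microsoft.Web/certificates'; $method = 'http-token'
    } else {
        $path = 'blocked: hostname has no A or CNAME record'; $method = $null
    }

    [pscustomobject]@{
        HostName               = $HostName
        Path                   = $path
        DomainValidationMethod = $method
        HasAsuidTxt            = ($asuid.Count -gt 0)
    }
}

# Constructed sample mirroring the setup described in the issue (A record plus asuid TXT).
$sample = @(
    [pscustomobject]@{ Name = 'qa.example.com'; Type = 'A'; IPAddress = '203.0.113.10' }
    [pscustomobject]@{ Name = 'asuid.qa.example.com'; Type = 'TXT'; Strings = @('constructed-id') }
)
Get-CertValidationPlan -HostName 'qa.example.com' -Records $sample

# Live input instead of the sample (Windows DnsClient module):
# $records = @(Resolve-DnsName qa.example.com -ErrorAction SilentlyContinue) +
#            @(Resolve-DnsName asuid.qa.example.com -Type TXT -ErrorAction SilentlyContinue)
```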
Describe the bug
I have the following DNS setup:
I create an A record in the child zone - @ and then the IP of the webapp, as well as the asuid TXT record for domain validation.
When running;
It fails with: Properties.CanonicalName is invalid. Not found CNAME directly pointing to *.azurewebsites.net. Current CNAME record of the hostname qa.example.com is empty.
It should be possible to specify the validation method, so that you can specify ARecord. This is currently possible in Azure Container Apps with
az containerapp hostname bind
Related command
az webapp config ssl create
Errors
Sensitive information removed (removed the child DNS zone with example.com):
Issue script & Debug output
I think it's not needed.
Expected behavior
As an ARecord is defined in the child DNS zone, it should be able to validate and bind the certificate. It defaults to CNAME, which seems incorrect.
Environment Summary
azure-cli 2.65.0
core 2.65.0 telemetry 1.1.0
Extensions: account 0.2.5
Dependencies: msal 1.31.0 azure-mgmt-resource 23.1.1
Python location 'C:\Program Files\Microsoft SDKs\Azure\CLI2\python.exe' Python (Windows) 3.11.8 (tags/v3.11.8:db85d51, Feb 6 2024, 22:03:32) [MSC v.1937 64 bit (AMD64)]
Additional context
No response