Creating Certificates stuck when deploying web app #17988
I've been using Bicep for a few years and deployed countless web apps with it. I'm faced with a strange situation I don't know how to resolve, because there is no error.

I'm creating 2 app plans, several web apps and then the DNS records needed to set up an Azure-managed certificate. Once the DNS records are set up, the script creates the certificate for the web app. This works on the web apps assigned to the first app plan. When the deployment script creates the certificates for the web apps in the second app plan, the deployment hangs indefinitely. There is no error. If I cancel the script and rerun it, I'm informed that a certificate creation process is already taking place, and I need to wait until X time. The end time is always the current date/time.

The Bicep module used to create the two app plans, linked web apps, domain records, and certificates is the same. I've tried different regions to no avail. I've tried several API versions, including the most recent one. This is why you see an older API version in the examples below.

Script below. Everything works as expected until the final certificates resource. If I comment out (webPortalCustomHostCert) and manually create the cert in the portal, it creates the cert fine.

Why does the creation of certs on web apps on the second app plan hang/time out when using the exact same modules that work on web apps on the first app plan?

Thoughts appreciated.

```bicep
//manage domain records record for domain verification
@batchSize(3)
module addDomainVerifyRecordsApi 'webappDomains.bicep' = [for (api,i) in webApplicationsToCreateApi: {
  name: 'DomainApi-${cnamesapi[i]}'
  params: {
    dnsZoneName: dnsZoneName //name of the dns zone to add the domain record to
    cname: cnamesapi[i] //'www'
    webappname: api
    coreDomainResourceGroupName: coreDomainResourceGroupName
    coreSubscriptionId: coreSubscriptionId
    createAppServicePlanId: createAppPlans.outputs.appServicePlanApiId
    location: location
  }
  dependsOn:[webAppSubCreateApi]
}]
```

webappDomains.bicep

```bicep
//parameters supplied by the module call above
param dnsZoneName string
param cname string
param webappname string
param coreDomainResourceGroupName string
param coreSubscriptionId string
param createAppServicePlanId string
param location string

resource webAppExisting 'Microsoft.Web/sites@2021-01-15' existing = {
  name: webappname
}
//create a cname record for each web application
module UpdateExistingDnsZonePortal '../../../Common/updatednszonecname.bicep' = {
  scope: resourceGroup(coreSubscriptionId,coreDomainResourceGroupName)
  name: 'Cname-Record-${cname}'
  params:{
    dnsZone: dnsZoneName //name of the dns zone to add the domain record to
    Cname: cname //'www'
    Value: '${webappname}.azurewebsites.net'
  }
  dependsOn:[webAppExisting]
}
//get the verification id for the custom domain and create a txt record for the domain
module UpdateDnsTxtRecordVerification '../../../Common/updateDnsZoneTxtRecord.bicep' = {
  scope: resourceGroup(coreSubscriptionId,coreDomainResourceGroupName)
  name: 'Txt-Record-${cname}'
  params: {
    dnsZone: dnsZoneName //name of the dns zone to add the domain record to
    TxtName: 'asuid.${cname}'
    Value: webAppExisting.properties.customDomainVerificationId
  }
  dependsOn:[UpdateExistingDnsZonePortal]
}
//enable the custom domain for the web app
resource AppCustomHostEnable 'Microsoft.Web/sites/hostNameBindings@2022-09-01' = {
  parent: webAppExisting
  name: '${cname}.${dnsZoneName}'
  properties: {
    hostNameType:'Verified'
    sslState:'Disabled'
    customHostNameDnsRecordType:'CName'
    siteName:webAppExisting.name
  }
  dependsOn: [UpdateDnsTxtRecordVerification]
}
//create a certificate for the custom domain -**This hangs**
resource webPortalCustomHostCert 'Microsoft.Web/certificates@2022-09-01' = {
  location: location
  name: '${cname}.${dnsZoneName}'
  properties:{
    serverFarmId: createAppServicePlanId
    canonicalName:'${cname}.${dnsZoneName}'
  }
  dependsOn:[
    AppCustomHostEnable
  ]
}
```
updatednszonecname.bicep

```bicep
@description('The name of the new record to add to the existing DNS zone')
param Cname string
@description('Value of the CNAME')
param Value string
@description('DNS Zone')
param dnsZone string
resource zone 'Microsoft.Network/dnsZones@2023-07-01-preview' existing = {
  name: dnsZone
}
resource record 'Microsoft.Network/dnsZones/CNAME@2023-07-01-preview' = {
  name: Cname
  parent: zone
  properties: {
    TTL: 1200
    CNAMERecord:{
      cname:Value
    }
  }
}
output dnsrecord string = Cname
```
updateDnsZoneTxtRecord.bicep

```bicep
@description('The name of the new record to add to the existing DNS zone')
param TxtName string
@description('Value of the TXT')
param Value string
@description('DNS Zone')
param dnsZone string
resource zone 'Microsoft.Network/dnsZones@2023-07-01-preview' existing = {
  name: dnsZone
}
resource record 'Microsoft.Network/dnsZones/TXT@2023-07-01-preview' = {
  name: TxtName
  parent: zone
  properties: {
    TTL: 1200
    TXTRecords:[
      {
        value:[Value]
      }
    ]
  }
}
output dnsrecord string = TxtName
```
Replies: 1 comment
The answer was to split out the creation of the app service plans and child web apps into two entirely separate deployment modules, rather than have both app service plans and web apps created in the same deployment module. This can be closed.
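One possible layout for the split described in the reply, added here as an example and not the poster's code: a module that creates exactly one App Service plan and its child web apps, declared once per plan so that each plan gets its own nested deployment. The reading of the reply as "one deployment per plan" is an assumption, as are the file name `planWithApps.bicep`, its parameters, the `B1` SKU, the API version and the `webApplicationsToCreatePortal` array.

```bicep
// planWithApps.bicep (hypothetical file name): one App Service plan plus its
// child web apps, deployed as its own module so that each plan is created in
// a separate nested deployment.
//
// Assumed parent usage, one module declaration per plan:
//   module apiPlan 'planWithApps.bicep' = {
//     name: 'PlanAndApps-Api'
//     params: { planName: 'plan-api', webAppNames: webApplicationsToCreateApi }
//   }
//   module portalPlan 'planWithApps.bicep' = {
//     name: 'PlanAndApps-Portal'
//     params: { planName: 'plan-portal', webAppNames: webApplicationsToCreatePortal }
//   }
// webappDomains.bicep then receives createAppServicePlanId from
// apiPlan.outputs.appServicePlanId or portalPlan.outputs.appServicePlanId.

@description('Name of the single App Service plan this deployment creates')
param planName string

@description('Names of the web apps hosted on this plan')
param webAppNames array

param location string = resourceGroup().location

@description('Plan SKU (assumed value for this example)')
param skuName string = 'B1'

resource plan 'Microsoft.Web/serverfarms@2022-09-01' = {
  name: planName
  location: location
  sku: {
    name: skuName
  }
}

resource webApps 'Microsoft.Web/sites@2022-09-01' = [for appName in webAppNames: {
  name: appName
  location: location
  properties: {
    serverFarmId: plan.id
    httpsOnly: true
  }
}]

@description('Plan id to pass to the certificate resource as serverFarmId')
output appServicePlanId string = plan.id
```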