Automatically rebind SSL Certs that have Auto-Renew
Right now there is a way to purchase and Auto-Renew SSL-Certs for Web Apps. Unfortunately, the Auto-Renew does NOT also bind the new cert to the WebApps where the cert it is replacing is currently bound to.
This makes Auto-Renew more or less useless, as one still has to manually bind the new cert once it becomes available.
A cert with Auto-Renew should automatically bind to all WebApps where the cert it replaces is used.
App Service Certificates and Key Vault Certificates will automatically re-bind after auto-renewal. If you encounter other behavior, please file a support ticket.
Raised support ticket with Microsoft Azure support team for failed Key Vault synchronisation where it failed to replace bindings on existing app services / web apps after renewing (providing new version of) an existing certificate. They have just sent me to this feedback link. Disappointing to see this has been going on for nearly 2 years!
@AzureAppServiceTeam any further updates on this????
Mark Waksman commented
@AzureAppServiceTeam entering June now, any updates you can share on this?
Filip Petkov commented
This is still an issue and a big one. The certificate is renewed, but not automatically bind to the app services, which leads to a downtime of the apps. Any news on when it will be fixed or at least a workaorund recommendation?
Is this still an issue? I have an Azure App Service using SSL cert via the Azure cert store.
I checked today to find that AUto-renew is ON, and certificate will expire TOMORROW
No new cert has been generated yet.
Will the new cert be generated and rebinding occur automatically?
What do I need to do to ensure uninterupted service?
This just got me bad today. I thought the auto-renewal would make the cert also actually work. That's one of the main reasons I moved all our sites and certs to Azure. Instead the site cert just expired and no warnings at all were given that there was a problem. What's the ETA on getting this to work?
Just to update that we still have this work on our backlog but it has been delayed a bit. Our intention is to improve the UX to do a sync with the certificates after change.
Well I have 2 sites that are using certs which will need to be rebund in 6 days. The certs are already renewed, but the sites still use the old certs. Should this be working by now? Or do i need to rebind manually again?
(I insist on asking because i have ~ 50 host that i will need to rebind manually soon. I was _only_ using the mechanism offered by azure because if was hoping all of this would happen automatically….)
So where do I open that bug?
Thanks for the additional details in GH. I'll have the engineers on our team sync with the doc folks that answered here.
I will of course open a support request if you point me to where I should open it. I'd like to point out that here: https://github.com/MicrosoftDocs/azure-docs/issues/8151 I already tried and was pointed to this site. So if there is some other way, please let me know where to open that bug.