Automatically rebind SSL Certs that have Auto-Renew
Right now there is a way to purchase and Auto-Renew SSL certs for Web Apps. Unfortunately, the Auto-Renew does NOT also bind the new cert to the WebApps where the cert it is replacing is currently bound.
This makes Auto-Renew more or less useless, as one still has to manually bind the new cert once it becomes available.
A cert with Auto-Renew should automatically bind to all WebApps where the cert it replaces is used.
Some feedback from our team:
We do not update the SSL binding in rare cases, and we do have the code working; it is just that it happens on a different task. This is definitely a bug we will be fixing as soon as we can. Most likely will be dealt with in June.
Raised support ticket with Microsoft Azure support team for failed Key Vault synchronisation where it failed to replace bindings on existing app services / web apps after renewing (providing new version of) an existing certificate. They have just sent me to this feedback link. Disappointing to see this has been going on for nearly 2 years!
@AzureAppServiceTeam any further updates on this????
Mark Waksman commented
@AzureAppServiceTeam entering June now, any updates you can share on this?
Filip Petkov commented
This is still an issue and a big one. The certificate is renewed, but not automatically bound to the app services, which leads to downtime of the apps. Any news on when it will be fixed or at least a workaround recommendation?
Is this still an issue? I have an Azure App Service using SSL cert via the Azure cert store.
I checked today to find that Auto-renew is ON, and the certificate will expire TOMORROW.
No new cert has been generated yet.
Will the new cert be generated and rebinding occur automatically?
What do I need to do to ensure uninterrupted service?
This just got me bad today. I thought the auto-renewal would make the cert also actually work. That's one of the main reasons I moved all our sites and certs to Azure. Instead the site cert just expired and no warnings at all were given that there was a problem. What's the ETA on getting this to work?
Just to update that we still have this work on our backlog but it has been delayed a bit. Our intention is to improve the UX to do a sync with the certificates after change.
Well, I have 2 sites that are using certs which will need to be rebound in 6 days. The certs are already renewed, but the sites still use the old certs. Should this be working by now? Or do I need to rebind manually again?
(I insist on asking because I have ~50 hosts that I will need to rebind manually soon. I was _only_ using the mechanism offered by Azure because I was hoping all of this would happen automatically….)
So where do I open that bug?
Thanks for the additional details in GH. I'll have the engineers on our team sync with the doc folks that answered here.
I will of course open a support request if you point me to where I should open it. I'd like to point out that here: https://github.com/MicrosoftDocs/azure-docs/issues/8151 I already tried and was pointed to this site. So if there is some other way, please let me know where to open that bug.