We welcome user feedback and feature requests!

It should be possible to renew/replace an SSL certificate via ARM templates

When I deploy an ARM template (that has previously been deployed) which contains a certificate, I would expect that the certificate would be updated/replaced when the pfxBlob has changed.

{
"type": "Microsoft.Web/certificates",
"name": "[variables('appService_name')]",
"apiVersion": "2016-03-01",
"location": "[parameters('resourceLocation')]",
"properties": {
"pfxBlob": "[parameters('sslCertificateData')]",
"password": "[parameters('sslCertificatePassword')]"
}
}

The current behaviour is that that the deployment will succeed and the certificate will not be updated. This is not intuitive.

Currently, to work around this limitation, it is necessary to remove the existing SSL binding and certificate via the portal or Powershell.

Remove-AzureRmWebAppSSLBinding -Name $bindingName -ResourceGroupName $resourceGroupName -WebAppName $webAppName -DeleteCertificate $true

3 votes
Vote
Sign in
(thinking…)
Sign in with: Microsoft
Signed in as (Sign out)
You have left! (?) (thinking…)
John Mills shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

0 comments

Sign in
(thinking…)
Sign in with: Microsoft
Signed in as (Sign out)
Submitting...

Feedback and Knowledge Base