webapp: Hostname does not exist error on ssl bind #17219
Description
Describe the bug
Starting in 2.20.0, this started throwing errors. (was working in <=2.19). Note that this is for a situation where the app service & app service plan are in different resource groups.
What is happening is that we are trying to bind an ssl cert to app service with cname of ABC, but instead we get an error that an unrelated hostname (XYZ) does not exist (It actually does exist, making this a doubly-fun error).
It looks like something in az webapp config ssl bind is using the last ssl cert in the list rather than the one that corresponds to the given app service / cert thumprint. (If I run az webapp config ssl list, the hostname XYZ that appears in the error is the last in the list.)
Command Name
az webapp config ssl bind
Errors:
Hostname 'XYZ.domain.com' does not exist.
To Reproduce:
Steps to reproduce the behavior. Note that argument values have been redacted, as they may contain sensitive information.
Here is how the certificate thumprint is selected:
APP_FQDN=ABC.domain.com
THUMBPRINT=$(az webapp config ssl list -g $PLAN_RESOURCE_GROUP --query "[?name=='$APP_FQDN'].thumbprint | [0]")
and here is the command that errors:
az webapp config ssl bind --resource-group $RESOURCE_GROUP --name $APP_SERVICE --certificate-thumbprint $THUMBPRINT --ssl-type SNI
Same results if the --ids arg is used instead.
Expected Behavior
Was working in 2.19
Environment Summary
Note, this is also occurring in multiple Azure DevOps pipelines (just started recently)
macOS-10.13.6-x86_64-i386-64bit
Python 3.8.8
Installer: HOMEBREW
azure-cli 2.20.0
Extensions:
front-door 1.0.11
aks-preview 0.5.4
webapp 0.3.1
application-insights 0.1.13