2
votes

I have a webapp running on Azure and it gets its SSL certificate from Keyvault.

I updated the certificate in Key Vault a week ago, and the web app is still using the old one.

According to the Azure docs, the web app checks for new certificates regularly.

Here is what I see on Azure KeyVault -> Certificates: [screenshot: Azure Keyvault]

Here is the certificate on my webapp: [screenshot: Certificate on webapp]

The certificate was attached with an Azure ARM template:

{
  "type":"Microsoft.Web/certificates",
  "name":"[parameters('environmentConfiguration').Certificate]",
  "apiVersion":"2016-03-01",
  "location":"[resourceGroup().location]",
  "properties":{
    "keyVaultId":"[variables('keyVaultId')]",
    "keyVaultSecretName":"[parameters('environmentConfiguration').Certificate]",
    "serverFarmId":"[resourceId(variables('serverFarmResourceGroup'), 'Microsoft.Web/serverfarms', variables('serverFarmName'))]"
  }
}

How do I troubleshoot this kind of problem?

1
Have you restarted your app? - Thomas
I've done it, and it still shows the old certificate. - JuChom

1 Answer

3
votes

The web app is still using the old one after you updated it a week ago. The possible cause is as follows:

The Web Apps feature of Azure App Service runs a background job every eight hours and syncs the certificate resource if there are any changes. When you rotate or update a certificate, sometimes the application is still retrieving the old certificate and not the newly updated certificate. The reason is that the job to sync the certificate resource hasn't run yet.

Solution:

You can force a sync of the certificate. Select the certificate from App Service Certificates. Select Rekey and Sync, and then select Sync. The sync takes some time to finish. When the sync is completed, you see the following notification: "Successfully updated all the resources with the latest certificate."

Update

Please verify if the configuration of the new certificate is correct referring to this.

Please check the Prerequisites, Deploying Key Vault Certificate into Web App, and Rotating Certificate sections, referring to this blog: deploying Azure Web App Certificate through Key Vault.
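
One way to see which hop still holds the old certificate, as an added example that is not part of the original question or answer: compare the SHA-1 thumbprint in Key Vault, on the `Microsoft.Web/certificates` resource, on the app's TLS binding, and on the certificate actually served. It assumes a logged-in Azure CLI and `openssl`, that the certificate resource sits in the app's resource group and is named after the Key Vault certificate (as in the question's template), and all resource names are caller-supplied placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): find the hop where the old
# certificate is still in use by comparing SHA-1 thumbprints.
# All resource names passed in are placeholders supplied by the caller.

# Normalise a thumbprint: drop any "label=" prefix and colons, upper-case the hex.
norm_tp() { printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \r\n' | tr 'abcdef' 'ABCDEF'; }

# 1. Current certificate version in Key Vault (args: vault name, certificate name).
kv_tp() {
  norm_tp "$(az keyvault certificate show --vault-name "$1" --name "$2" \
    --query x509ThumbprintHex -o tsv)"
}

# 2. Microsoft.Web/certificates resource created by the ARM template
#    (args: resource group, certificate resource name).
web_tp() {
  norm_tp "$(az resource show -g "$1" -n "$2" \
    --resource-type Microsoft.Web/certificates --query properties.thumbprint -o tsv)"
}

# 3. TLS binding on the app (args: resource group, app name, hostname).
binding_tp() {
  norm_tp "$(az webapp show -g "$1" -n "$2" \
    --query "hostNameSslStates[?name=='$3'] | [0].thumbprint" -o tsv)"
}

# 4. Certificate actually served to clients (arg: hostname).
served_tp() {
  norm_tp "$(openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null \
    | openssl x509 -noout -fingerprint -sha1)"
}

# Report the first hop whose thumbprint differs from the previous one.
locate_stale() {
  if   [ "$1" != "$2" ]; then echo "certificate-resource-stale"
  elif [ "$2" != "$3" ]; then echo "binding-stale"
  elif [ "$3" != "$4" ]; then echo "served-cert-stale"
  else echo "in-sync"
  fi
}

# Usage: sh check.sh <vault> <cert-name> <resource-group> <app> <hostname>
if [ "$#" -eq 5 ]; then
  locate_stale "$(kv_tp "$1" "$2")" "$(web_tp "$3" "$2")" \
               "$(binding_tp "$3" "$4" "$5")" "$(served_tp "$5")"
fi
```

A result of `certificate-resource-stale` long after the sync interval described in the answer points at the Key Vault reference itself (secret name, vault ID, access to the vault) rather than at a pending sync.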