0

I have a real chicken and egg situation. Also i am quite new to ARM so maybe missing something glaringly obvious.

Previously we had an arm template that worked using a certificate from a keyvault which was fine. hostnamebindings resources created the custom domain and binding.

However we want to move to use the explicit self managed certificates in azure for the web service but are hitting some issues at the last hurdle.

The certificate is dependant on the custom domain as without it it fails to deploy but we can not reference the same resource twice in the template without it erroring.

Order must be:

  1. Create custom domain
  2. Create certificate
  3. Bind certificate

ARM template extract below.

{
  "condition": "[equals(parameters('UseCustomDomain'),'True')]",
  "Comments": "If custom domain is selected then add to the webapplication",
  "type": "Microsoft.Web/sites/hostnameBindings",
  "apiVersion": "2022-03-01",
  "name": "[concat(variables('appName'), '/', variables('DomainName'))]",
  "location": "[ResourceGroup().location]",
  "dependsOn": [
      "[resourceId('Microsoft.Web/sites', variables('appName'))]"
            ],
  "properties": {
      "domainId": null,
      "hostNameType": "Verified",
      "siteName": "variables('DomainName')"
                }
},
{
  "type": "Microsoft.Web/certificates",
  "apiVersion": "2021-03-01",
  "name": "[variables('DomainName')]",
  "Comments": "Creating Subdomain Certificate",
  "location": "[resourceGroup().location]",
  "dependsOn": [
                "[resourceId('Microsoft.Web/sites', variables('AppName'))]",
                "[resourceId('Microsoft.Web/sites/hostnameBindings/',variables('appName'), variables('DomainName'))]"
               ],
  "properties": {
        "hostNames": [
             "[variables('DomainName')]"
                     ],
        "canonicalName": "[variables('DomainName')]",
        "serverFarmId": "[variables('ServerFarmID')]"

            }
},

What I would like to do is add the following properties after the the certificate is created to the hostnamebindings resource.

"sslState": "[if(variables('enableSSL'), 'SniEnabled', json('null'))]",
"thumbprint": "[if(variables('enableSSL'), reference(resourceId('Microsoft.Web/certificates', variables('DomainName'))).Thumbprint, json('null'))]"

Is there a way to make individual properties dependant on a resource? When i try the below in the hostname bindings properities i get a "Deployment template validation failed: 'Circular dependency detected on resource"

"properties": { "domainId": null, "hostNameType": "Verified", "siteName": "variables('DomainName')", "dependsOn": [ "[resourceId('Microsoft.Web/certificates', variables('DomainName'))]" ], "sslState": "[if(variables('enableSSL'), 'SniEnabled', json('null'))]", "thumbprint": "[if(variables('enableSSL'), reference(resourceId('Microsoft.Web/certificates', variables('DomainName'))).Thumbprint, json('null'))]" }

Any help greatly appreciated.

Gringo404
  • 1
  • For binding the certificate are you using SSL binding? – Tarun Krishna Jan 19 '23 at 06:00
  • Hi @TarunKrishna. I am trying to us the Microsoft.Web/sites/hostnameBindings resource if the certificate existed then the below would work in the properties section. "hostNameType": "Verified", "siteName": "variables('DomainName')", "sslState": "[if(variables('enableSSL'), 'SniEnabled', json('null'))]", "thumbprint": "[if(variables('enableSSL'), reference(resourceId('Microsoft.Web/certificates', variables('DomainName'))).Thumbprint, json('null'))]" } }, – Gringo404 Jan 20 '23 at 09:21
  • Try this [ARM template](https://github.com/Azure/azure-quickstart-templates/blob/master/quickstarts/microsoft.web/web-app-custom-domain-and-ssl/azuredeploy.json) it might help you. – Tarun Krishna Jan 20 '23 at 13:09
  • Thanks found the way around this was to use a nesteddeployment with outer scope. – Gringo404 May 12 '23 at 14:37

0 Answers0