Problem with SSL autorenew

  • Question

  • hi.

    I have various web apps and ssl certs for them. The certs have been bought at the portal and auto-renewal is enabled. Yesterday, one of the old certs went invalid. So people got security-warnings when visiting the site. I looked after the ssl certs and - yes - a new cert to replace the old one _was_ available in "ssl certificates". However, it had _not_ been activated for the web app which it was supposed to be used for.

    Is this the expected behaviour? Because that would mean i would have to manually update all sites each time a cert gets too old.

    Thanks,
    -thomas woelfer


    https://blogs.die.de/tw

    Thursday, February 1, 2018 7:22 PM

Answers

  • Hi Thomas, 

    I heard back from the web apps team and they mentioned that this issue very likely stemmed from the changes enforced by GoDaddy last March that I mentioned earlier. 

    https://azure.microsoft.com/en-us/updates/auto-renewal-of-ssl-certificates-in-app-service/

    Seems like there were quite a few issues that arose from these changes. They mentioned that going forward with your app you should be set up for everything to auto renew as normal.

    If you do notice this occur again we can look back into it. But as I was advised, the issue should be a one time thing. 

    Tuesday, February 6, 2018 10:21 PM

All replies

  • Hi Thomas, 

    Doing some research it appears the cert should auto-renew and apply so you see no interruption in service. 

    Reviewing the doc I found this: 

    https://docs.microsoft.com/en-us/azure/app-service/web-sites-purchase-ssl-web-site

    You might need to re-verify the domain. Can you review the above doc and let me know if it helps?

    Thursday, February 1, 2018 11:35 PM
  • hi Micah.

    Nope, doesn't help. As i've said, the new certificate was already there. (domain verified, etc.). It just wasn't applied to the web app. So i had to go to the web app in the portal, discard the old cert and apply the new one. (and this is what i would expect to work automatically.)

    i _did_ have another site where domain verification was needed. And regarding this, it really would be nice if there was a really _big_ notice on the portal's start screen concerning such an issue.

    WM_THX
    -thomas woelfer


    https://blogs.die.de/tw


    Friday, February 2, 2018 8:47 AM
  • Hmmmm interesting. Okay I am going to reach out to some of the folks on the Web Apps development team to see if these certs should be auto applied or if we need to manually push them. 

    I will update you once I hear back. 

    Saturday, February 3, 2018 12:35 AM
  • So basically i should keep an eye on my hosts which have certs that run out until end of March this year. Everything else should work automatically? Do i understand this correctly?

    WM_THX
    -thomas woelfer


    https://blogs.die.de/tw

    Tuesday, February 6, 2018 10:30 PM
  • Correct. I was told that, as per these changes, all the domains validated before 03/01/2017 require manual validation for certificate renewal and they have enabled a notify mechanism for any domain in this state from the portal.

    So if your other apps require manual validation you should be notified. Otherwise, they should auto-renew and auto-apply the certificate when required. 

    Tuesday, February 6, 2018 10:33 PM
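
The failure described in this thread (a renewed certificate present in the store while the web app still serves the old one) can be caught from outside by comparing what the site actually serves with the thumbprint of the renewed certificate. The following is an added example, not part of the original thread and not Microsoft code; the status names and the 14-day threshold are assumptions, and the expected thumbprint is the SHA-1 value you copy from the portal for the renewed certificate.

```python
import hashlib
import socket
import ssl
from datetime import datetime, timezone


def thumbprint(der):
    """SHA-1 of the DER certificate as uppercase hex (the thumbprint form)."""
    return hashlib.sha1(der).hexdigest().upper()


def fetch_served(host, port=443, timeout=5.0):
    """Return (DER bytes, notAfter string) of the certificate the site serves.
    Raises ssl.SSLCertVerificationError if the served certificate is already invalid."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True), tls.getpeercert()["notAfter"]


def assess(der, not_after, expected_thumbprint, now, warn_days=14):
    """Classify the served certificate against the renewed one (status names are assumptions)."""
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    days_left = (expiry - now).days
    if thumbprint(der) != expected_thumbprint.replace(" ", "").upper():
        # A different certificate is bound than the renewed one.
        return "STALE_BINDING", days_left
    if days_left < warn_days:
        # The right certificate is bound, but no replacement has been issued yet.
        return "EXPIRING", days_left
    return "OK", days_left


if __name__ == "__main__":
    import sys
    host, expected = sys.argv[1], sys.argv[2]  # hostname, renewed cert thumbprint
    try:
        der, not_after = fetch_served(host)
    except ssl.SSLCertVerificationError as exc:
        print(host, "INVALID", exc.verify_message)
    else:
        print(host, *assess(der, not_after, expected, datetime.now(timezone.utc)))
```

Run it on a schedule for every bound hostname; a `STALE_BINDING` result days before expiry is the state the original poster only discovered after visitors saw warnings.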