ohadschn/letsencrypt-webapp-renewer

Doesn't create a certificate for the first time

andrewgluh opened this issue · 5 comments

Web job will renew a certificate that already exists, but doesn't create a certificate for the first time like the letsencrypt extension.

This limits its usefulness, especially for multi-tenanted apps where new domains are added on a regular basis.

The letsencrypt-webapp-renewer WebJob boils down to the same code as the site extension. It doesn't care whether a cert already exists or not (unless you specify renewXNumberOfDaysBeforeExpiration, in which case it only checks its expiration date to see whether to run or not). When it runs, it simply creates a new cert and associates it with the appropriate Web App domains (regardless of whether there was a previous cert and/or association).

Indeed, in order to test this scenario I just created a blank new Web App with no cert configured, ran the letsencrypt-webapp-renewer WebJob and a new cert was configured successfully.

If this is not your experience, please share the exact steps you are taking and the full log of your WebJob run.

I see what's going on here, looks like the presence of renewXNumberOfDaysBeforeExpiration results in a different code path that indeed only renews. I'll see if I can work around that, I may need to ask Simon for another API in LetsEncrypt.Azure.Core (the library behind letsencrypt-siteextension).

Yeah, it looks like I need an API from the original site extension: sjkp/letsencrypt-siteextension#188.

Thanks for the update, Ohad.
Looking forward to a resolution.

Fixed by #76