Question 104856 in Azure Question posted in
The official documentation to get you started can be found here.

Terraform Azure CDN Custom Domain Certificate not supported for this profile

I am trying to enable https for cdn endpoint custom domain. When trying to submit the code, i get the following error:

CertificateType value provided is not supported for this profile for enabling https.

The custom domain code:

resource "azurerm_cdn_endpoint_custom_domain" "endpointfrontend" {
  name            = "mykappdev"
  cdn_endpoint_id = azurerm_cdn_endpoint.cdnendpoint.id
  host_name       = "${azurerm_dns_cname_record.cnamefrontend.name}.${data.azurerm_dns_zone.dnszone.name}"
  cdn_managed_https {
    certificate_type = "Dedicated"
    protocol_type = "ServerNameIndication"
  }
}

The rest of the cdn code:

resource "azurerm_cdn_profile" "cdnprofile" {
  name                = "mycdn${var.environment}"
  location            = data.azurerm_resource_group.rg.location
  resource_group_name = data.azurerm_resource_group.rg.name
  sku                 = "Standard_Microsoft"
}
resource "azurerm_cdn_endpoint" "cdnendpoint" {
  name                = "${var.environment}-example"
  profile_name        = azurerm_cdn_profile.cdnprofile.name
  location            = azurerm_cdn_profile.cdnprofile.location
  resource_group_name = data.azurerm_resource_group.rg.name
  is_https_allowed = true
  origin {
    name      = "${var.environment}-origin"
    host_name = azurerm_storage_account.frontend.primary_web_host
  }
  depends_on = [
    azurerm_cdn_profile.cdnprofile
  ]
}

data "azurerm_dns_zone" "dnszone" { 
  name                = "my.app"
  resource_group_name = "rg-my"
}

Everything works fine when doing it via UI so the problem has to be in the code.

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    After enabling custom https once per hand in the azure portal and than disabling it in portal, it was possible to change it via terraform. I hope this helps!


  2. 0

    Edit the block azurerm_cdn_endpoint

        resource "azurerm_cdn_endpoint" "cdnendpoint" {
      name                = "${var.environment}-example"
      profile_name        = azurerm_cdn_profile.cdnprofile.name
      location            = azurerm_cdn_profile.cdnprofile.location
      resource_group_name = data.azurerm_resource_group.rg.name
      is_https_allowed = true
      origin {
        name      = "${var.environment}-origin"
        host_name = azurerm_storage_account.frontend.primary_web_host
      }

      ### Code added
      delivery_rule {
        name  = "EnforceHTTPS"
        order = "1"

        request_scheme_condition {
          operator     = "Equal"
          match_values = ["HTTP"]
        }

        url_redirect_action {
          redirect_type = "Found"
          protocol      = "Https"
        }
      }
    ### End code added

      depends_on = [
        azurerm_cdn_profile.cdnprofile
      ]
    }

    Also, you can check this blog post https://www.emilygorcenski.com/post/migrating-a-static-site-to-azure-with-terraform/

    Hope this helps!

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search