skip to Main Content

I am trying to enable https for cdn endpoint custom domain. When trying to submit the code, i get the following error:

CertificateType value provided is not supported for this profile for enabling https.

The custom domain code:

resource "azurerm_cdn_endpoint_custom_domain" "endpointfrontend" {
  name            = "mykappdev"
  cdn_endpoint_id = azurerm_cdn_endpoint.cdnendpoint.id
  host_name       = "${azurerm_dns_cname_record.cnamefrontend.name}.${data.azurerm_dns_zone.dnszone.name}"
  cdn_managed_https {
    certificate_type = "Dedicated"
    protocol_type = "ServerNameIndication"
  }
}

The rest of the cdn code:

resource "azurerm_cdn_profile" "cdnprofile" {
  name                = "mycdn${var.environment}"
  location            = data.azurerm_resource_group.rg.location
  resource_group_name = data.azurerm_resource_group.rg.name
  sku                 = "Standard_Microsoft"
}
resource "azurerm_cdn_endpoint" "cdnendpoint" {
  name                = "${var.environment}-example"
  profile_name        = azurerm_cdn_profile.cdnprofile.name
  location            = azurerm_cdn_profile.cdnprofile.location
  resource_group_name = data.azurerm_resource_group.rg.name
  is_https_allowed = true
  origin {
    name      = "${var.environment}-origin"
    host_name = azurerm_storage_account.frontend.primary_web_host
  }
  depends_on = [
    azurerm_cdn_profile.cdnprofile
  ]
}

data "azurerm_dns_zone" "dnszone" { 
  name                = "my.app"
  resource_group_name = "rg-my"
}

Everything works fine when doing it via UI so the problem has to be in the code.

2

Answers


  1. Chosen as BEST ANSWER

    After enabling custom https once per hand in the azure portal and than disabling it in portal, it was possible to change it via terraform. I hope this helps!


  2. Edit the block azurerm_cdn_endpoint

        resource "azurerm_cdn_endpoint" "cdnendpoint" {
          name                = "${var.environment}-example"
          profile_name        = azurerm_cdn_profile.cdnprofile.name
          location            = azurerm_cdn_profile.cdnprofile.location
          resource_group_name = data.azurerm_resource_group.rg.name
          is_https_allowed = true
          origin {
            name      = "${var.environment}-origin"
            host_name = azurerm_storage_account.frontend.primary_web_host
          }
    
          ### Code added
          delivery_rule {
            name  = "EnforceHTTPS"
            order = "1"
    
            request_scheme_condition {
              operator     = "Equal"
              match_values = ["HTTP"]
            }
    
            url_redirect_action {
              redirect_type = "Found"
              protocol      = "Https"
            }
          }
        ### End code added
    
          depends_on = [
            azurerm_cdn_profile.cdnprofile
          ]
        }
    

    Also, you can check this blog post https://www.emilygorcenski.com/post/migrating-a-static-site-to-azure-with-terraform/

    Hope this helps!

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search