Azure Application Gateway and Key Vault SSL certificate integration issue

Hi, I am trying to deploy an Application Gateway with an SSL certificate from Key Vault. It fails with the error SecretIdSpecifiedIsInvalid when I run `terraform apply`… even though the error message shows the correct certificate ID and name, which I can validate manually in the portal.

I am also able to deploy the app gateway manually using the same certificate from Key Vault.

```hcl
identity {
  type         = "UserAssigned"
  identity_ids = [azurerm_user_assigned_identity.cert-ident.id]
}

dynamic "ssl_certificate" {
  for_each = toset(var.app-site)
  content {
    name                = "${var.environment}-cert-${ssl_certificate.value}"
    key_vault_secret_id = lookup({ for cert in data.azurerm_key_vault_certificate.cert : cert.name => cert.id }, "${var.environment}-cert-${ssl_certificate.value}")
  }
}

dynamic "http_listener" {
  for_each = toset(var.app-site)
  content {
    name                           = "${var.environment}-lsnr-${http_listener.value}"
    frontend_ip_configuration_name = "${var.environment}-appgw-feip"
    frontend_port_name             = "${var.environment}-appgw-https"
    protocol                       = "Https"
    host_name                      = "${http_listener.value}.${var.environment}.xxxxx.com"
    ssl_certificate_name           = lookup({ for cert in data.azurerm_key_vault_certificate.cert : cert.name => cert.name }, "${var.environment}-cert-${http_listener.value}")
  }
}
```

```
Error: creating Application Gateway: (Name "poc-appgw-iaps" / Resource Group "poc-rg-appgw"): network.ApplicationGatewaysClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="SecretIdSpecifiedIsInvalid" Message="SecretId 'https://pockv-iaps.vault.azure.net/certificates/poc-cert-admin/xxxxxxxxxx' specified in '/subscriptions/xxxxxxxxxxxxxxx/resourceGroups/poc-rg-appgw/providers/Microsoft.Network/applicationGateways/poc-appgw-iaps/sslCertificates/poc-cert-admin' is invalid." Details=[]
```
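
Added example, not part of the original post or the poster's configuration: the SecretId in the error is a `/certificates/` URL, which is what the data source's `id` attribute returns, while Application Gateway references Key Vault certificates by their secret identifier (`secret_id`). The sketch assumes that mismatch is the cause; the resource name `example` is hypothetical, and the `precondition` block needs Terraform 1.2 or later.

```hcl
# Added example; names follow the post, except the resource name "example",
# which is hypothetical.
locals {
  # Certificate name => secret identifier, of the form
  #   https://<vault>.vault.azure.net/secrets/<name>/<version>
  # The data source's `id` attribute is the certificate identifier
  # (.../certificates/...), the form that appears in the error above.
  cert_secret_ids = {
    for cert in data.azurerm_key_vault_certificate.cert :
    cert.name => cert.secret_id
  }
}

resource "azurerm_application_gateway" "example" {
  # All other arguments and blocks stay as in the poster's configuration.

  dynamic "ssl_certificate" {
    for_each = toset(var.app-site)
    content {
      name                = "${var.environment}-cert-${ssl_certificate.value}"
      key_vault_secret_id = local.cert_secret_ids["${var.environment}-cert-${ssl_certificate.value}"]
    }
  }

  lifecycle {
    # Stop the run before the gateway request is sent if any ID handed to
    # key_vault_secret_id is not a secret identifier.
    precondition {
      condition = alltrue([
        for id in values(local.cert_secret_ids) :
        can(regex("^https://[^/]+/secrets/", id))
      ])
      error_message = "key_vault_secret_id must be a Key Vault secret identifier (/secrets/...), not a certificate identifier (/certificates/...)."
    }
  }
}
```

The identity listed in `identity_ids` also needs Get permission on secrets in the vault, since the gateway reads the certificate through the secret endpoint.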