Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Moving a web app to a new subscription #127

Closed
graemebenzie opened this issue Apr 19, 2017 · 3 comments
Closed

Moving a web app to a new subscription #127

graemebenzie opened this issue Apr 19, 2017 · 3 comments
Labels
question

Comments

@graemebenzie
Copy link

graemebenzie commented Apr 19, 2017
edited
Loading

Hi, I have a question and wondered if you could help.

I created an Azure web app, added a custom domain then added a certificate with the Lets Encypt (x86) Extension. The web app is in a subscription meant for testing only. I thought I could easily upgrade it later. I need to move it to a pay as you go subscription.

This is an easy step using the portal, however moving the certificate has to done manually.

Could you tell me what steps I should take to move the certificate with the least downtime? Would I need to fix something so the automatic certificate renewals continue to work?

Would it be best to delete the extension and certificate then set it up again after the move? If so how do I do the delete?

Thanks for any time you can spare.

Regards
@sjkp
Copy link
Owner

sjkp commented Apr 19, 2017
edited
Loading

Since the letsencrypt certificates are free, I wouldn't worry about moving it. I would just create a new in the new subscription. Yes you will have down time, but it will be a minute or two at max. You should probably be able to find a time for that. If not you can download the certificate from the azure web app. But unless you requested it with a password, you will not be able to install it using the portal (no password is apparently not accepted for pfx files, you can change the pfx to be password protected with e.g. openssl, but google that, I don't remember the exact steps):

One thing I want to stress, is that you test the process with non-production site first if you want to minimize downtime, so that you know exactly what to do. You most likely have to change some of the app settings used by the letsencrypt extension, and unless you have done it before, you are probably going to get more down time than a few minutes, before you get those things corrected.

@sjkp sjkp added the question label Apr 19, 2017
@sjkp sjkp closed this as completed Apr 19, 2017
@graemebenzie
Copy link
Author

graemebenzie commented May 2, 2017
edited
Loading

I did it. Thanks greatly for your time.

Here are some details for anyone in the same situation.

The portal would not let me move without first deleting the installed certificates which i did like this https://channel9.msdn.com/blogs/Azure-App-Service-Self-Help/Remove-SSL-Bindings-and-Certificates

Unrelated to the Lets encrypt extension, when I tried to move resources to a new subscription in the Azure portal I got a validation error. I needed to register the source subscription with Microsoft.Compute before it would work, as described here https://social.msdn.microsoft.com/Forums/sqlserver/en-US/f8cc120a-3ca6-4d36-9747-d0c09f6f84cf/unable-to-move-resources-between-subscriptions?forum=windowsazuredata

In the app settings for the extension I had to update subscriptionID, I found the service principle didn't have the correct permissions anymore. I just created a new service principle from the instructions on this page https://gooroo.io/GoorooTHINK/Article/16420/Lets-Encrypt-Azure-Web-Apps-the-Free-and-Easy-Way/21872#.WQh_LtIrJaQ

Thanks

@sjkp
Copy link
Owner

sjkp commented May 2, 2017

@graemebenzie thanks for sharing the process, sure it will come in handy for others.

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sjkp @graemebenzie