You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
After importing a certificate, if I add a new SAN entry to the list of sans, the provider tries to DELETE the certificate rather than update-in place. As the certificate is LIVE, this always fails with a 409 error:
Error: remove enrollment: API error:
│ {
│ "type": "https://akab-redacted.luna.akamaiapis.net/cps/v2/error-types/certificate-live-on-network",
│ "title": "Cannot deprovision certificate(s). Certificate(s) are still live.",
│ "detail": "All Domains Inactive failure. Live certificates found on network: [a.uk, b.uk]",
│ "instance": "https://akab-redacted.luna.akamaiapis.net/cps/v2/error-types/certificate-live-on-network?id=9dae2a2eb12347c88cf973baaa617e6a",
│ "statusCode": 409
│ }
All that changes here is the local.sans list, adding one entry.
Thank you for raising this issue. We are investigating a potential solution.
Regards,
Cyryl
ckulinsk
changed the title
Add extra SAN to DV certificate triggers DELETE, which fails
DXE-3653 Add extra SAN to DV certificate triggers DELETE, which fails
Feb 29, 2024
Is there any workaround possible? This is fully blocking our use of terraform for cps as the add new name to list of SAN's is our primary change activity.
Hello @david-raine,
sorry for responding so late but we are still looking into your issue and we were unable to reproduce it. It seems not to be caused by terraform as we are not deleting the certificate. Could you please provide us log files? Setting environment variables: TF_LOG=TRACE and TF_LOG_PATH=./terraform.log will include optional logs and export them to file, which will be helpful in our investigation.
versions
terraform: v1.7.4
Akamai terraform: v5.6.0
description
After importing a certificate, if I add a new SAN entry to the list of sans, the provider tries to DELETE the certificate rather than update-in place. As the certificate is LIVE, this always fails with a 409 error:
All that changes here is the local.sans list, adding one entry.
expected
Plan should show update-in-place and terraform should trigger a certificate update.
actual
Plan shows "will be updated" and a certificate destroy is attempted.
terraform state after import
The import state looks good. SAN list seems correct.
Adding an entry to the SAN must not trigger a destroy.
The text was updated successfully, but these errors were encountered: