Enable-AzCdnCustomDomainCustomHttps - Bad Request (Property 'CustomHttpsParameters.CertificateSourceParameters.CertificateType' is required but it was not set)

[pjmvp]

Description

I'm trying to enable HTTPS in my CDN custom domain. I want it to have a CDN-managed certificate.

I get the Cdn Custom Domain using Get-AzCdnCustomDomain and pipe the result to Enable-AzCdnCustomDomainCustomHttps.

I pass a hash table to Enable-AzCdnCustomDomainCustomHttps' CustomDomainHttpsParameter.

The hash table is defined as:

$customDomainHttpsParameter = @{
  CertificateSource = "Cdn"
  ProtocolType = "ServerNameIndication"
  MinimumTlsVersion = "TLS12" 
}

But the response is a BadRequest with the error message:

"Property 'CustomHttpsParameters.CertificateSourceParameters.CertificateType' is required but it was not set"

I've also tried:

$customDomainHttpsParameter = @{
  CertificateSource = "Cdn"
  ProtocolType = "ServerNameIndication"
  MinimumTlsVersion = "TLS12" 
  CertificateSourceParameter = @{
    CertificateType = "Shared"
  }  
}

But the result is the same. When running with -Debug flag I see the payload being POSTed is:

Body:
{
  "certificateSource": "Cdn",
  "protocolType": "ServerNameIndication",
  "minimumTlsVersion": "TLS12"
}

So the CertificateSourceParameter , if needed at all, is being ignored by the parser.
This behaviour is probably driven by this part of the code.

It looks like a mismatch between the REST API and what the cmdlet serializes and sends. Or could I be creating my hash table incorrectly? The documentation is incomplete.

How can I enable HTTPS in my CDN custom domain using this PowerShell Module?

Issue script & Debug output

$customDomainHttpsParameter = @{
  CertificateSource = "Cdn"
  ProtocolType = "ServerNameIndication"
  MinimumTlsVersion = "TLS12" 
  CertificateSourceParameter = @{
    CertificateType = "Shared"
  }  
}

Get-AzCdnCustomDomain -ResourceGroupName $ResourceGroup -ProfileName $ProfileName -EndpointName $EndpointName -Name $CustomDomainName | Enable-AzCdnCustomDomainCustomHttps -CustomDomainHttpsParameter $customDomainHttpsParameter -Debug

Environment data

Name                           Value
----                           -----
PSVersion                      6.2.4
PSEdition                      Core
GitCommitId                    6.2.4
OS                             Microsoft Windows 10.0.19043
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Module versions

ModuleType Version    Name                                ExportedCommands
---------- -------    ----                                ----------------
Script     2.8.0      Az.Accounts                         {Add-AzEnvironment, Clear-AzConfig, Clear-AzContext, Clear-AzDefault…}
Script     2.1.0      Az.Cdn                              {Clear-AzCdnEndpointContent, Clear-AzFrontDoorCdnEndpointContent, Disable-AzCdnCustomDomainCustomHttps, Enable-AzCdnCustomDomainCustomHttps…}

Error output

Message        : [BadRequest] : Property 'CustomHttpsParameters.CertificateSourceParameters.CertificateType' is required but it was not set
StackTrace     :
Exception      : System.Exception
InvocationInfo : {Enable-AzCdnCustomDomainCustomHttps_EnableViaIdentity}
Line           : Get-AzCdnCustomDomain -ResourceGroupName $ResourceGroup -ProfileName $ProfileName -EndpointName $EndpointName -Name $CustomDomainName | Enable-AzCdnCustomDomainCustomHttps
                 -CustomDomainHttpsParameter $customDomainHttpsParameter -Debug

Position       : At C:\...\SetCdn.ps1:47 char:1
                 + Get-AzCdnCustomDomain -ResourceGroupName $ResourceGroup -ProfileName  ...
                 + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
HistoryId      : 4

[ghost]

Thank you for your feedback. This has been routed to the support team for assistance.

[navba-MSFT]

@pjmvp Apologies for the late reply. Thanks for reaching out to us and reporting this issue. We are looking into this issue and we will provide an update.

[navba-MSFT]

@pjmvp Could you please try this ?

$customDomainHttpsParameter = New-AzCdnManagedHttpsParametersObject -CertificateSourceParameterCertificateType Dedicated -CertificateSource Cdn -ProtocolType ServerNameIndication

Enable-AzCdnCustomDomainCustomHttps -ResourceGroupName RGName -ProfileName name -EndpointName name -CustomDomainName domain.in -CustomDomainHttpsParameter $customDomainHttpsParameter

[navba-MSFT]

@pjmvp I wanted to do quick follow-up to check if you had a chance to look at my above comment. Please let us know if you need any further assistance on this. Awaiting your reply.

[pjmvp]

@navba-MSFT, thanks for reaching out.

It works when I run it locally (my laptop).

• The fact that one can/should use 'New-AzCdnManagedHttpsParametersObject' is not properly documented.

However, if I run it in Azure DevOps, using the AzurePowerShell@5 task:

    - task: AzurePowerShell@5
      displayName: Enable HTTPS in CustomDomain
      inputs:
        azureSubscription: '...service connection...'
        ScriptPath: ...path to .ps1 script...'
        ScriptArguments: '...the arguments...'
        azurePowerShellVersion: LatestVersion     

it fails with

##[error]The term 'New-AzCdnManagedHttpsParametersObject' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

Sounds like a version mismatch?

Can Az PowerShell 8.0.0 be used in Azure DevOps together with AzurePowerShell@5?

[navba-MSFT]

@pjmvp Could you please ensure that you are using Azure Powershell task and not plain powershell task? Did you try with the Azure Powershell Script:Inline task ? Awaiting your reply.

[pjmvp]

@navba-MSFT, I am indeed using the Azure PowerShell task (AzurePowerShell@5, as shown in my previous comment's code snippet), which reads the script content from a .ps1 file specified in ScriptPath.

However, New-AzCdnManagedHttpsParametersObject doesn't seem to be available in that task. I'd imagine the task is using an older version of Azure PowerShell (e.g. 7.5.0) which doesn't have that command yet?

I can't seem to find any documentation saying which version of Azure PowerShell is used by the AzurePowerShell@5 task.
Or if it's possible to somehow make it use the 8.0.0 version for that matter. I can try putting the script inline instead of from a file, but I don't think it'll make a difference, the script content is the same whether it's read from a file or inline.

[navba-MSFT]

@pjmvp The command is introduced in Az PowerShell 8.0, that might explain why this command couldn't be find in AzurePowerShell@5 task.

You could actually specify the target Azure PowerShell version in the task: [https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/azure-powershell?view=azure-devops]

You could also update the Az.Cdn module to 2.1.0 in your script using:

Update-Module -Name Az.Cdn -RequiredVersion 2.1.0

Let me know if this solves your problem. Awaiting your reply.

[pjmvp]

I got

$customDomainHttpsParameter = New-AzCdnManagedHttpsParametersObject -CertificateSourceParameterCertificateType Dedicated -CertificateSource Cdn -ProtocolType ServerNameIndication

Enable-AzCdnCustomDomainCustomHttps -ResourceGroupName $ResourceGroup -ProfileName $ProfileName -EndpointName $EndpointName -CustomDomainName $CustomDomainName -CustomDomainHttpsParameter $customDomainHttpsParameter

to work by altering my AzurePowerShell@5 task:

    - task: AzurePowerShell@5
      displayName: Enable HTTPS in CustomDomain
      inputs:
        azureSubscription: '...service connection...'
        ScriptPath: ...path to .ps1 script...'
        ScriptArguments: '...the arguments...'
        #azurePowerShellVersion: LatestVersion      # Removed this
        TargetAzurePs: OtherVersion                        # Added this
        CustomTargetAzurePs: 8.0.0                         # Added this

I'd thought that having azurePowerShellVersion: LatestVersion would ensure it used the latest available Azure PowerShell (i.e. 8.0.0 or whichever maximum latest version it could get) but looks like that isn't the case. Adding those two lines seems to install 8.0.0 and use it, though:

Az version 8.0.0 not avaiable locally on the agent. Downloading dynamically.

I still think that this doc. page could benefit from an example using New-AzCdnManagedHttpsParametersObject.

Thanks a lot for the help, @navba-MSFT.

[navba-MSFT]

@pjmvp Thanks for getting back. I am glad that the issue is addressed. I will create a PR to enhance this documentation.

[navba-MSFT]

@pjmvp Seems like the fix for the examples has been committed already. see here. So this should be fixed in next release, which is in a week or two. With that we will proceed with closure of this GitHub thread. If you have any follow-up queries, please feel free to reopen this thread. We would be happy to help.