Custom Hostname SSL changing from Cloudflare managers cert to custom certificate #3012

Open
2 tasks done
skipspence opened this issue Dec 18, 2023 · 2 comments
Labels
kind/bug Categorizes issue or PR as related to a bug. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. service/tls Categorizes issue or PR as related to the TLS services. triage/accepted Indicates an issue or PR is ready to be actively worked on. triage/debug-log-attached Indicates an issue or PR has a complete Terraform debug log. workflow/synced

Comments

@skipspence

Confirmation

  • My issue isn't already found on the issue tracker.
  • I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

Terraform v1.6.6
on darwin_arm64
+ provider registry.terraform.io/cloudflare/cloudflare v4.20.0

Affected resource(s)

  • cloudflare_custom_hostname

Terraform configuration files

resource "cloudflare_custom_hostname" "customHostName" {
  hostname                        = "test.hostname.example.com"
  zone_id                         = "abcdefghijklmnop"
  wait_for_ssl_pending_validation = true
  custom_origin_server            = "test.origin.example.com"
  ssl {
    method                = "http"
    type                  = "dv"
    certificate_authority = "lets_encrypt"
  }
}

# Changing the above resource to a custom certificate:
resource "cloudflare_custom_hostname" "customHostName" {
  hostname                        = "test.hostname.example.com"
  zone_id                         = "abcdefghijklmnop"
  wait_for_ssl_pending_validation = true
  custom_origin_server            = "test.origin.example.com"
  ssl {
    custom_certificate = "-----BEGIN CERTIFICATE-----\nCERT\n-----END CERTIFICATE-----\n"
    custom_key         = "-----BEGIN PRIVATE KEY-----\nCERT\n-----END PRIVATE KEY-----\n"
  }
}

Link to debug output

https://gist.github.com/skipspence/395e43eeda044bac95f7bd2621a98e28

Panic output

No response

Expected output

A successful apply, disabling the Cloudflare-managed certificate and replacing it with the custom certificate.

Apply complete! Resources: 0 added, 1 changed, 0 destroyed.

Actual output

Apply fails. The certificate_authority attribute is not being changed to null when no longer defined, causing an error response from the Cloudflare API.

│ Error: failed to update custom hostname certificate: The SSL attribute is invalid. Please refer to the API documentation, check your input and try again. (1434)
│
│   with cloudflare_custom_hostname.customHostName,
│   on main.tf line 17, in resource "cloudflare_custom_hostname" "customHostName":
│   17: resource "cloudflare_custom_hostname" "customHostName" {

Steps to reproduce

  1. Create a custom hostname resource and configure it to use a Cloudflare-managed certificate authority.
  2. Apply this resource.
  3. Update the resource to contain a custom_certificate and custom_key while removing method and certificate_authority from the SSL configuration.
  4. Apply the changes.

Additional factoids

No response

References

Trying to set

@skipspence skipspence added kind/bug Categorizes issue or PR as related to a bug. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Dec 18, 2023

Terraform debug log detected ✅

@github-actions github-actions bot added the triage/debug-log-attached Indicates an issue or PR has a complete Terraform debug log. label Dec 18, 2023

Community Note

Voting for Prioritization

  • Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

  • If you are interested in working on this issue, please leave a comment.
  • If this would be your first contribution, please review the contribution guide.

@jacobbednarz jacobbednarz added triage/accepted Indicates an issue or PR is ready to be actively worked on. service/tls Categorizes issue or PR as related to the TLS services. labels Jan 3, 2024