A few weeks ago when I was migrating Kontext from Azure App Services to Azure Container Apps, there was no free managed certificate. To address that issue, I used Let's Encrypt to create a certificate for Kontext. This process will take me a few minutes every few months .
Now good news is that free managed certificate is also in preview in Azure Container Apps. The following code snippet shows you how to do that in Bicep.
* when I deploy using Bicep, my container app was already existing. This means the domain verification is already added to my Azure DNS zones. If you are building a new app using managed certificate, I would suggest you do it in two steps:
Bicep code to create container app enivronment, container and DNS records (incl. A record that points to IP of your container app and/or
asuidverification TXT record).
And then update Bicep code to add managed certificate and custom domains. In custom domains, you can reference the managed certificate ID directly. And then deploy Bicep code again with delta changes.
* The container image is from GitHub (not Azure Container Registry) in the following example.
When I run the deployments, Azure throws out one interim error like the following (however the deployment itself was not failing):
The client 'XXX' with object id 'XXX' does not have authorization to perform action 'Microsoft.App/locations/managedCertificateOperationStatuses/read' over scope '/subscriptions/XXX/providers/Microsoft.App/locations/Australia East/managedCertificateOperationStatuses/XXX' or the scope is invalid. If access was recently granted, please refresh your credentials. (Code: AuthorizationFailed)
After I wait for about 10 minutes the deployment becomes successful as the following screenshot does: