I’m attempting to set up a new tenant deployment using a certificate variable type, and no matter what I do the certificate does not show in the dropdown list. Additionally, when I look at old tenants that have been set up/deployed, the certificate input is blank.
I seem to be able to somewhat work around it by creating a project variable that points to the certificate, and update the tenant to point to it, but when I go to deploy I get the following message, even after refreshing the variable for the release and verifying the value is there.
Could not find certificate with ID ‘8f92d0ae-93f5-4318-a615-e8323f3bc7bd’, which is the value of variable…
I’m not sure what the ID refers to, but is not from the certificate. I’ve also attempted to remove all restrictions from the certificate but it still doesn’t appear in the list or work in the context of the deployment.
Thanks for getting in touch! I’m sorry to hear you’re hitting this confusing behavior. Can I ask which version you upgraded from? We’ve done some work recently around bouncycastle and certificate validation which may be a contributing factor here.
Additionally if possible, does adding a newly generated certificate give you the correct behavior?
We’ve gone from 2019.5.7 to 2019.5.10 to 2019.5.12. I don’t know off-hand which versions we might have run prior to 2019.5.7 (I generally only keep a couple on hand for rollback purposes).
The certificate in question is a new certificate, both in terms of when it was issued and when we first uploaded it to Octopus, though it is self-signed if that makes any difference. It was issued on June 26, and we only added it to Octopus on the 28th. I uploaded the certificate after the current version was applied (on 2019.5.12). I have not been able to get it nor any other certificate to properly show in the picker for any tenant, no matter what I do.
I was able to get the deployment for the tenant to work, though I know it’s not ideally how it should have been done - via direct DB changes. Specifically, I found the TenantVariable record related to the Certificate variable for the Tenant I was having issues with, and the JSON and RelatedDocumentId had the value set to the variable name, rather than the name of the certificate (eg, if my Project had a Variable Template of IIS-Certificate, the value of these fields was {"Value:":"IIS-Certificate"} and IIS-Certificate, respectively). When I updated these two fields to be the name of the certificate I was trying to use (eg. certificates-foo-com), everything worked.
It doesn’t solve the underlying picker issue, but it does allow things to work at deployment time at least.
Thanks for following up and confirming the versions you were both on and what you’ve upgraded to. Great to hear you’ve gotten unstuck, though this definitely seems like something where the root cause needs to be addressed without having to resort to DB changes (which we try to avoid having to ever recommend doing).
With the help of my team, we’ve been able to replicate this issue where the dropdown only displays variable names instead of the certificates themselves. We’re actively working on the fix for it, and a patch to this fix should be available soon. You can track the bug report at the following link.
I’m very sorry for the inconvenience this has caused both of you. Please don’t hesitate to reach out if you have any questions or concerns in the future.
Thanks for getting in touch, and I’m very sorry to hear you’ve been bitten by this bug as well! The fix for this issue has been shipped as part of the 2019.6.2 LTS patch release and you can reference this specific issue here.
This fix will also be shipped in the fast lane as part of release 2019.7.0 which will be available very soon.
Thanks for following up and letting me! That’s great to hear you’re set to go after the upgrade. Don’t hesitate to reach out if you have any questions or concerns in the future.