Mismatch between certificate variables with constraints


I have two certificates as follows:

  • CertT with constraint for Test only
  • CertP with constraint for Production only

In my project I have created these 2 variables:

  • Cert - pointing to CertT and with no scope constraints
  • Cert - pointing to CertP and with a scope for Production only

When I try to deploy to Production, though, I get a warning that a certificate scoped for Test will be installed on Production and I cannot continue. In this situation my variable should get the right certificate (the one scoped for Production), so the test one won’t go to Production. There shouldn’t by any warning when the variable gets overwritten, I would expect.


Hi Boyan,

You are (as always) correct. I was able to replicate this.

I have created an issue. We will resolve this ASAP.

In the meantime, you should be able to avoid that error by either:

  • Scoping the un-scoped Cert variable to the Test environment
  • Removing the Test environment scope from the CertT certificate


Hi Michael,

Yes, I added Test to the scope of the variable now in order to fix it. It just surprised me :slight_smile:

A note to this: it seems the Deploy step with a SSL certificate managed by Octopus doesn’t have this issue. I have the same scenario, but I don’t get any troubles when I am deploying to Production. I wondered if it works correctly there or this step doesn’t respect the constraints on the certificate?