When adding a second multisite HTTPS listener on an application gateway, I get the below exception:
Failed to save configuration changes to application gateway 'MyAppGateway'. Error: Either Data or KeyVaultSecretId must be specified for Certificate 'MyResourceGroup/providers/Microsoft.Network/applicationGateways/MyAppGateway/sslCertificates/myCertificateName'>MyAppGateway/myCertificateName' in Application Gateway.
This error occurs regardless of whether I use the same certificate for both listeners (with the different domains covered by the SAN list), or configure individual certificates per listener.
Once I've hit this error, I can't update the application gateway in any way; the only fix seems to be to delete it.
Is this a known issue, or am I doing something wrong? I'm following the steps as described here; only I'm using a self-signed certificate for the initial SSL cert (i.e. rather than getting LetsEncrypt to issue the initial certificate, since it will be overwritten anyway). When I did a POC of this for a single site, all worked as expected, so the issue seems to relate to my use of the multi-site feature (i.e. having different FQDNs pointing to the shared public IP of the app gateway, then routing the requests to different backends based on the host header values).