Certificate service renewal fails with error.

[TonyWildish-BH]

I'm trying to renew the certificate for Nexus, using the custom renew action of the certificate service. This fails with an error:

Error message: ERROR: The request may be blocked by network rules of storage account. Please check network rule set using 'az storage account
show -n accountname --query networkRuleSet'. If you want to change the default action to apply when no rule matches, please use 'az storage
account update'. ERROR: The request may be blocked by network rules of storage account. Please check network rule set using 'az storage account
show -n accountname --query networkRuleSet'. If you want to change the default action to apply when no rule matches, please use 'az storage
account update'. error running command /cnab/app /bin/bash ./scripts/letsencrypt.sh --application_gateway_name ******* --cert_name nexus-ssl
--fqdn ******* --keyvault_name ******* --resource_group_name ******* --storage_account_name *******: exit status 1 Error: error running command
/cnab/app /bin/bash ./scripts/letsencrypt.sh --application_gateway_name ******* --cert_name nexus-ssl --fqdn ******* --keyvault_name *******
--resource_group_name ******* --storage_account_name *******: exit status 1

Steps to reproduce

1. Go to the UI, find the certificate shared service, -> Actions -> renew

Azure TRE release version (e.g. v0.14.0 or main):
We're about 2 months behind the HEAD at the moment.

Deployed Azure TRE components - click the (i) in the UI:
UI Version: 0.5.27
API Version: 0.18.1

[marrobi]

Looks like its a policy on your subscription preventing the storage account firewall being temporarily opened to allow upload of the cert. Think you have hit something like this previously?