Unable to replace specific certificate

I came across a specific certificate in our library that throws a sql exception when you try to replace it.

Error while executing SQL command in transaction ‘https://octopus.appriver.com/api/certificates/certificates-staffaccount-staging-apps-appriver-co/replace ee7b11049e4c4dc2863d061eb45b49f6’: Violation of PRIMARY KEY constraint ‘PK_Certificate_Id’. Cannot insert duplicate key in object ‘dbo.Certificate’. The duplicate key value is (certificates-staffaccount-staging-apps-appriver-co).
The statement has been terminated.
The command being executed was:
INSERT INTO dbo.[Certificate] (Name, Thumbprint, Subject, NotAfter, EnvironmentIds, TenantIds, TenantTags, Archived, Created, Id, Json) values (@Name, @Thumbprint, @Subject, @NotAfter, @EnvironmentIds, @TenantIds, @TenantTags, @Archived, @Created, @Id, @Json)
at Nevermore.RelationalTransaction.Insert[TDocument](String tableName, TDocument instance, String customAssignedId, String tableHint, Nullable1 commandTimeoutSeconds) at Nevermore.RelationalTransaction.Insert[TDocument](TDocument instance) at Octopus.Server.Web.Api.Actions.Certificates.CertificateReplaceAction.Execute() in CertificateReplaceAction.cs:line 52 at Octopus.Server.Web.Infrastructure.Api.Responder1.Respond(TDescriptor options, NancyContext context) in Responder.cs:line 143
at System.Dynamic.UpdateDelegates.UpdateAndExecute3[T0,T1,T2,TRet](CallSite site, T0 arg0, T1 arg1, T2 arg2)
at Octopus.Server.Web.Api.OctopusRestApiModule.<>c__DisplayClass0_0.<.ctor>b__0(Object o) in OctopusRestApiModule.cs:line 48
at Nancy.Routing.Route.<>c__DisplayClass4.b__3(Object parameters, CancellationToken context)

I took a look in the db and didn’t see anything weird. I will eventually just have to manually replace this one but I thought I would let you guys know in case there is an edge case bug that could be squashed. TIA

Oh, upon a second look it appears to be due to the length at which you truncate certificate IDs and how you append the additional characters at the end for the replaced certificates. I tested this on another certificate that had already exceeded what appears to be a 50 character limit and ran into the same error.


Thanks for getting in touch and thanks for reporting this bug (and digging into why this was occurring)!

You’re correct. We’ve created a GitHub issue here that you can follow to be notified when this is fixed.