Create App Service Managed Certificates

Pavlo Sofronov 96 Reputation points
2021-03-08T14:19:44.477+00:00

Hi,
I'm trying to create a certificate for my naked domain but I get the following error:

Hostname not eligible for App Service Managed Certificates creation. Ensure that your domain second-language.net has an A record which is set to 20.50.2.18.

I followed the instructions here: https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate#create-a-free-managed-certificate-preview
and it works perfectly for non-naked domains, for instance www.second-language.net and others.

I have the following lines in my DNS records:
; A Records
@ IN A 20.50.2.18
; Others
@ IN CAA 0 issue "digicert.com"

Also, other CNAME records were read from the Azure side successfully, so my record is read too (because I was able to create a certificate for a CNAME).

Maybe it could help.

Also, I've noticed a request in the Chrome console, which probably checks the eligibility, with this answer:

aRecords: ["193.47.99.5"]
0: "193.47.99.5"
customDomainVerificationTest: "Passed"
hasConflictAcrossSubscription: false
hasConflictOnScaleUnit: false
isHostnameAlreadyVerified: true

This answer contains a record with the IP 193.47.99.5, which is the IP of my hoster, who hosts my DNS records, but my DNS records reference the IP 20.50.2.18.


Accepted answer
  1. Pavlo Sofronov 96 Reputation points
    2021-03-11T11:34:09.113+00:00

    The answer was deep inside a comment, so I extracted it to the top.

    blog: https://azure.github.io/AppService/2021/03/02/asmc-apex-domain.html

    Just to confirm, are you still experiencing this issue?
    - DigWeb is showing that second-language.net has that A record set now.

    - If the issue persists, kindly create the cert using the script from the blog?

    Please make sure that the A record of the domain maps properly to the IP address of the web app.

    Thanks for your feedback and follow-up on this! It's much appreciated.

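The mismatch described in the question (zone file says 20.50.2.18, the eligibility call resolved 193.47.99.5) can be checked mechanically. The following is an added example, not part of the original thread or of the linked blog script; the function names are hypothetical, the inputs are constructed from the values quoted in the question, and the `ca` default is an assumption taken from the CAA record shown there.

```python
import ipaddress

# Constructed inputs, copied from the values quoted in the question above.
ZONE = '''; A Records
@ IN A 20.50.2.18
; Others
@ IN CAA 0 issue "digicert.com"
'''
VALIDATION = {"aRecords": ["193.47.99.5"], "customDomainVerificationTest": "Passed"}


def apex_records(zone_text):
    """Return {'A': [...], 'CAA': [...]} for apex (@) lines of a zone snippet."""
    found = {"A": [], "CAA": []}
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        parts = line.split()
        if len(parts) < 4 or parts[0] != "@" or parts[1].upper() != "IN":
            continue
        rtype = parts[2].upper()
        if rtype == "A":
            # IPv4Address() raises ValueError on a malformed address
            found["A"].append(str(ipaddress.IPv4Address(parts[3])))
        elif rtype == "CAA" and len(parts) >= 6 and parts[4].lower() == "issue":
            found["CAA"].append(parts[5].strip('"').lower())
    return found


def check_apex(zone_text, validation, app_ip, ca="digicert.com"):
    """Compare the intended zone data with what the validation call resolved."""
    zone = apex_records(zone_text)
    seen = validation.get("aRecords", [])
    problems = []
    if app_ip not in zone["A"]:
        problems.append(f"zone has no apex A record for {app_ip}")
    stale = [ip for ip in seen if ip != app_ip]
    if stale or app_ip not in seen:
        problems.append(f"resolver saw {seen}, expected only {app_ip}")
    if zone["CAA"] and ca not in zone["CAA"]:
        problems.append(f"CAA present but does not allow {ca}")
    return problems


if __name__ == "__main__":
    for problem in check_apex(ZONE, VALIDATION, "20.50.2.18"):
        print("FAIL:", problem)
```

With the question's data the zone file itself is correct and only the resolved answer differs, which points at what the DNS host is actually serving rather than at the record as written.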

1 additional answer

  1. ajkuma 22,436 Reputation points Microsoft Employee
    2021-03-09T14:21:19.967+00:00

    @Pavlo Sofronov , Thanks for the good detailed question!

    As of today, the App Service Managed Certificate only supports **non-naked domain**. We have a UserVoice feedback on this, you may wish to upvote on this.

    Which means, you can protect the www domain https://www.second-language.net, but neither https://second-language.net (naked domain) nor https://test.second-language.net (wildcard domain) at this time. For your case, you may want to leverage App Service Certificate instead.

    Thanks for your feedback. Our product team is working on it, I’ll also relay this feedback internally.

    Kindly see the difference between App Service Certificate and App Service Managed Certificate – each of these certificates can be used for different requirements:
    https://microsoft.github.io/AzureTipsAndTricks/blog/tip259.html
