This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 82%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
Our App Service occasionally ends up serving the default *.azurewebsites.net certificate for our custom domain, instead of the certificate for our domain. There doesn't seem to be any rhyme or reason. In almost all cases, it serves the correct one, but occasionally it will serve the default one. We have a custom domain, and SNI binding set up. The Troubleshooter will generally say there are no problems, but will sometimes show the incorrect certificate for one or both of the bare domain, and the www subdomain. I have even seen it serve a page request and all related resources with the correct certificate, except for one css file in the midst of all the other requests on the same domain being served with the wrong certificate and subsequently blocked by the browser.
Any ideas where to begin?
@Chris Marasti-Georg send us an email to AzCommunity[at]microsoft[dot]com ATTN Ryan with your subscription id and app name so we can take a closer look.
Deleting and re-creating the SSL/domain bindings resolved the issue. It seems there was some sort of synchronization issue in the underlying Azure infrastructure.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 92%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Thanks Chris for taking time to share the workaround and findings with the community.
We apologies for any inconvenience with this issue. If you need further assistance on this (sync) problem, kindly let us know via the email ryanchill had shared, we would be happy to connect with you further.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 45%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKP%3C/text%3E%3C/svg%3E)
Thank you, it's been a couple of years but apparently I encounter the same issue. Deleting & recreating domain binding solves my problem (so far).
Apparently not, today my website showing wrong certificate again :( does anyone have any idea?
I found the workaround, turns out when I switched the method, from "A record" to "forward to www", it works as expected. I use this method now and it works as expected: https://learn.microsoft.com/en-us/azure/static-web-apps/apex-domain-external#forward-to-www-subdomain
I found the workaround, turns out when I switched the method, from "A record" to "forward to www", it works as expected. I use this method: https://learn.microsoft.com/en-us/azure/static-web-apps/apex-domain-external#forward-to-www-subdomain