question

JoeH-0944 avatar image
0 Votes"
JoeH-0944 asked DirkManderin-7278 answered

App Service Managed Certs alternative validation method

We would like to use App Service Managed Certs for our webapps, but they reside behind Cloudflare. Because of this, ASMC will not validate because the CNAME doesn't point to azurewebsites.net. Is there any plan to add alternative validation methods? Checking if the custom domain in the web app is already validated is used to validate paid App Service Certificate purchases now. ASMC should be able to do this as well I would think.

azure-webappsazure-webapps-ssl-certificates
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Grmacjon-MSFT avatar image
0 Votes"
Grmacjon-MSFT answered Grmacjon-MSFT edited

Hi @JoeH-0944,

It looks likes you asked this question a couple of months ago on this post. Nothing has changed with the validation process. The only way to validate an App Service Managed Certs for your webapps is if your custom domain has a CNAME pointed to your <app-name>.azurewebsites.net.

Thanks,
Grace



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

OliverLucas-443 avatar image
0 Votes"
OliverLucas-443 answered

Yes this still looks to be a problem.

The actual response should be:

"The only way to validate an App Service Managed Certs for your webapps is if your custom domain has a CNAME pointed to your <app-name>.azurewebsites.net and be PUBLICLY RESOLVABLE to the CNAME record" aka no record based masking.

It seems a bit stupid for this tbh, considering other providers use HTTP/HTTPS validation methods to ensure the traffic sent, is received by the service.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DirkManderin-7278 avatar image
0 Votes"
DirkManderin-7278 answered

Yeah, this really pisses me off. We also use Cloudflare and can't use ASMC because of this. The ridiculous thing is that they've already verified my custom domains that I want the certs for. No reason they couldn't use a TXT record or HTTP validation method either.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.