question

bxav avatar image
3 Votes"
bxav asked ClaytonThorrez-4108 commented

Error when creating App Service Managed Certificates for root domain

Hello,

I'm trying to create an app service managed certificate for root domain as it's described in https://azure.github.io/AppService/2021/03/02/asmc-apex-domain.html .
The domain is added and point to the right place, I have also added the CAA record but even if I use the script given on the blog post I get the same error than on the interface.

On the script:

Status Message: Properties.CanonicalName is invalid. Not found A record directly pointing to outbound ip address of website azerty-lp-897987987. Current A record record of the hostname is empty. (Code: BadRequest)

On the interface

Hostname not eligible for App Service Managed Certificates creation. Ensure that your domain xxxxxxxxxxxx.app has an A record which is set to 20.50.2.7.

azure-webappsazure-webapps-ssl-certificatesazure-webapps-custom-domains
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

Grmacjon-MSFT avatar image
0 Votes"
Grmacjon-MSFT answered ClaytonThorrez-4108 commented

Hi @bxav,

App Service Managed Certificate comes with the following limitations:

Does not support wildcard certificates.
Does not support naked domains.
Is not exportable.
Is not supported on App Service Environment (ASE)
Does not support A records. For example, automatic renewal doesn't work with A records.

Also, you may need to add 0 issue digicert.com to your CAA record.

Please double-check to make sure your CNAME meets the above requirements. Let us know if you have further questions.

Best,
Grace


· 5
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello Grace,
Thanks for your answer. But I thought that Microsoft announced that naked domains were supported from the 2nd of March https://azure.github.io/AppService/2021/03/02/asmc-apex-domain.html

For the other conditions, I checked everything is fine.

3 Votes 3 ·

Same Issue... Did you found a solution?

0 Votes 0 ·

Moving to Google app engine... It works straight away there.
All jokes aside, no, I hope it's just a question of time maybe it's just the location of the service plan (I'm in westeurope). Il will try to pay for azure support and get an answer. 🤞

2 Votes 2 ·
Show more comments

Naked domains are now supported (except web app integrated with Traffic Manager)

2 Votes 2 ·