0 Votes
ClaytonThorrez-4108 asked ClaytonThorrez-4108 commented

Unable to create App Service Managed Certificate for Apex Domain

Hello, I have an App Service resource which I want to use a custom domain for and I want to have support for www.<mydomain>.com and for the naked domain, <mydomain>.com.

I have followed this tutorial https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-domain. To handle the www part, I set up a CNAME record and created a custom subdomain. Then I followed this tutorial to set up SSL. https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-bindings This worked great and I can access www.<mydomain>.com with https.

Then I tried to do the naked domain. I set up the custom domain using an A record and the resource IP address following the first tutorial. I confirmed this worked by accessing the site without HTTPS. Then I attempted to add the SSL to this custom domain but got an error.

"Hostname not eligible for App Service Managed Certificates creation. Ensure that your domain <mydomain>.com has an A record which is set to <my ip address>."

I do have this DNS record set. I was required to have it in order to set up the custom domain in the first place. According to this page this feature should be available as of 03/2021. https://azure.github.io/AppService/2021/03/02/asmc-apex-domain.html

Any idea what the issue here is?
Thanks and all the best.


azure-webapps azure-webapps-ssl-certificates azure-webapps-custom-domains

1 Vote
Grmacjon-MSFT answered ClaytonThorrez-4108 commented

Hello @ClaytonThorrez-4108,

We apologize for the frustration this issue may have caused. This is a known issue when using the portal to create ASMC for apex domain and the ASMC team is working on deploying a fix. In the meantime, can you please try this PowerShell script:

  #Connect-AzureRmAccount
        
  $subscription = "SUBSCRIPTION-ID"
  $resourceGroupName = "RESOURCE-GROUP-NAME"
  $appServicePlanName = "APP-SERVICE-PLAN-NAME"
  $subjectName = "DOMAIN-NAME"
        
  Set-AzureRmContext -SubscriptionId $subscription
        
  $appServicePlan = Get-AzureRmResource `
      | Where-Object {$_.ResourceGroupName -eq $resourceGroupName } `
      | Where-Object {$_.Name -eq $appServicePlanName}
        
  New-AzureRMResourceGroupDeployment `
      -ResourceGroupName $resourceGroupName `
      -SubjectName $subjectName `
      -AppServicePlanName $appServicePlanName `
      -Location $appServicePlan.Location `
      -TemplateFile "CreateHttpFreeCert.json" 

This script will only create an App Service Managed Certificate for a custom domain that has already been added to your web app. If you run this script before adding a custom domain to the web app, the script will fail.

If you are still getting the error after using the script please let us know.

Hope that helps.

-Grace



@Grmacjon-MSFT Is there any update on this? I am still getting the same error. I have even tried deleting and recreating my App Service Plan resource in Azure but I still cannot set up SSL for the apex domain either through the UI or via the PowerShell script.

1 Vote 1 ·

Hello,

Thank you for your response. Unfortunately I am not able to run that script.
I get the following error with line 16.

New-AzureRmResourceGroupDeployment : A parameter cannot be found that matches parameter name 'SubjectName'.


I did not have AzureRM installed so prior to running the script I ran this line to install it.
Install-Module -Name AzureRM -Repository PSGallery.




0 Votes 0 ·

Hello @ClaytonThorrez-4108,


If the filepath you specified is invalid (for example, the file isn't found), you will receive the 'parameter cannot be found' error message. To fix this, please make sure you have specified the correct path/filename. The -TemplateFile parameter should point to your Azure RM template JSON file. The ARM template specified in the script uses the "CreateHttpFreeCert.json" file.

Please see this blog for more details.

Hope that helps.

-Grace


0 Votes 0 ·
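
A pre-flight check for the point made in the comment above, as an added example that is not part of the original thread or of the linked blog: `New-AzureRmResourceGroupDeployment` takes `-SubjectName`, `-AppServicePlanName` and `-Location` from the template's `parameters` section, so those names only bind when `-TemplateFile` resolves to a template that declares them. The function name `Test-TemplateParameters` and the sample template are constructed for illustration; the real `CreateHttpFreeCert.json` is not reproduced here.

```powershell
# Added example (not from the thread): check a template before deploying with it.
function Test-TemplateParameters {
    param(
        [Parameter(Mandatory)] [string]   $TemplateFile,
        [Parameter(Mandatory)] [string[]] $ExpectedParameters
    )

    # No file means the cmdlet has no template to read parameter names from.
    if (-not (Test-Path -LiteralPath $TemplateFile -PathType Leaf)) {
        return [pscustomobject]@{
            Ok = $false; Reason = "Template file not found: $TemplateFile"
            Missing = $ExpectedParameters
        }
    }

    try {
        $template = Get-Content -LiteralPath $TemplateFile -Raw -ErrorAction Stop |
            ConvertFrom-Json -ErrorAction Stop
    } catch {
        return [pscustomobject]@{
            Ok = $false; Reason = "Template is not valid JSON: $($_.Exception.Message)"
            Missing = $ExpectedParameters
        }
    }

    # Names declared under "parameters"; -notcontains compares case-insensitively,
    # matching how PowerShell binds parameter names.
    $declared = @()
    if ($null -ne $template.parameters) {
        $declared = @($template.parameters.PSObject.Properties.Name)
    }
    $missing = @($ExpectedParameters | Where-Object { $declared -notcontains $_ })

    [pscustomobject]@{
        Ok      = ($missing.Count -eq 0)
        Reason  = if ($missing.Count) { 'Template does not declare: ' + ($missing -join ', ') } else { 'OK' }
        Missing = $missing
    }
}

# Constructed stand-in template that omits subjectName on purpose.
$sample = Join-Path ([IO.Path]::GetTempPath()) 'constructed-template.json'
'{ "contentVersion": "1.0.0.0",
   "parameters": { "appServicePlanName": { "type": "string" }, "location": { "type": "string" } },
   "resources": [] }' | Set-Content -LiteralPath $sample

# The three template parameters the script in the answer passes.
Test-TemplateParameters -TemplateFile $sample `
    -ExpectedParameters 'subjectName', 'appServicePlanName', 'location'
```

Pointing `-TemplateFile` at the actual downloaded template and getting `Ok = True` rules out the path and parameter-name causes before the deployment is attempted.
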

Ah, you're right I did not correctly follow the blog.
I have now run it correctly referencing the CreateHttpFreeCert.json file but get another error.

It cannot find the A record. Some additional information that may help. The name of my app service resource in Azure is <my domain> so I'm not 100% sure if the error message is referencing the resource or the domain. For the subjectName parameter in the script I put "<my domain>.com".

When I do nslookup <my domain>.com, I get the correct IP address of the App Service resource.

I used CloudFlare to set up the A record on the apex domain.

Does any of this information help make sense of the error I am getting?


0 Votes 0 ·
1 Vote
KSweeney-5248 answered ClaytonThorrez-4108 commented

I'm having the same issue. I was wondering if there was any resolution?


@KSweeney-5248 After deleting and recreating my resources and app service I just gave up on getting the apex domain to work. Instead I just got SSL on the www and made a redirect rule in Cloudflare to direct traffic from apex domain to www. :/

0 Votes 0 ·