question

StewartRand-4493 avatar image
10 Votes"
StewartRand-4493 asked YashvitNaik-2754 answered

Cannot create App Service Managed Certificate with error "Only letters and numbers are allowed"

I am attempting to add a free managed certificate to my app services, but receiving the following error:

Properties.CanonicalName is invalid. Canonical name www-uat.example.com.au includes at least one special character. Only letters and numbers are allowed.

However, I was able to successfully create a certificate in another subscription (same azure region, and naming format [www-prod.example.com.au]) about a week ago, and have previously never had issues requesting certificates with hyphens in the name. I cannot find any documentation or troubleshooting posts mentioning this limitation - has this been changed recently?

The portal shows a green tick when attempting to request, but gives the above error when clicking 'Create'

Hostname eligible for certificate creation. Click Create to create your App Service Managed Certificate.

Deploying via ARM template gives the same error.

Status Message: Properties.CanonicalName is invalid. Canonical name www-uat.example.com.au includes at least one special character. Only letters and numbers are allowed. (Code: BadRequest)

Other variations of this URL format also fail (www-dev.example.com.au, authoring-uat.example.com.au).




azure-webappsazure-webapps-ssl-certificatesazure-webapps-custom-domains
· 17
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks for bringing this to our attention @StewartRand-4493 . This is odd behavior. We will check in with the engineering team to see if there's a fix or a possible workaround for this error and will update this thread

Best,
Grace

1 Vote 1 ·

Hi, I'm getting the same issue.
On Friday 11th June (4days ago) I successfully created 6 Webapps with custom domains all with the same format (xxx.dev.xxx-xxx.co.uk) . Yesterday spent all day trying to add another in a slightly different format (extra sub-domain) and kept getting the below error. Finally thought it was something I was doing wrong and rolled it all back but now I cannot re-add the certificate which I added OK on Friday, getting the same error below.

Properties.CanonicalName is invalid. Canonical name xxx.dev.xxx-xxx.co.uk includes at least one special character. Only letters and numbers are allowed.

1 Vote 1 ·

Hello @StewartRand-4493 and @06447697 I got confirmation from the engineering team that this is a bug. The team is working on a fix but we don't have a sharable ETA at this moment. I will update you as soon as a fix is rolled out. We sincerely apologize for the inconvenience this issue has caused.

We appreciate your patience as we work to resolve this issue.

Thanks,
Grace


3 Votes 3 ·

Getting the same error. This seemed to be a rather bad bug since I would guess lots and lots of test URLs would have -dev or -int on them.

0 Votes 0 ·

Hi @MosesYap-6442,

We apologize for the inconvenience this issue has caused. The App Service Managed Certificate team is working internally to fix this issue. Thanks for your patience.

-Grace

0 Votes 0 ·

Even i am getting this issue when trying to create the certificate from "Create App Service Managed Certificates"

0 Votes 0 ·

We are having the same issue. We will be monitoring this issue.

0 Votes 0 ·
Show more comments
Grmacjon-MSFT avatar image
1 Vote"
Grmacjon-MSFT answered ajkuma-MSFT commented

Hello everyone,

This issue is now resolved. The fix has been deployed to every region. Thank you so much for your patience!

Best,
Grace

· 23
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@Grmacjon-MSFT I am still getting this in a central-us resource group. Tried both through the portal and the Azure CLI.

"Properties.CanonicalName is invalid. Canonical name (something with only a hyphen in it) includes at least one special character. Only letters and numbers are allowed."

2 Votes 2 ·

we have same issue with centeral-us. as of jun 24th-2021.

2 Votes 2 ·

Hi All ( @RobertSimmons-9582, @YutaWakita-3134, @BenjaminAkhtary-1696, @drdamour )

Apologies for the inconvenience this issue has caused. it looks like there are still a few more regions the fix is being deployed to. We will keep updating this thread daily with any new updates from the engineering team.

Thanks,
-Grace

2 Votes 2 ·

Still happening for me in central-us

2 Votes 2 ·

@Sean-0825, The deployment is still in progress for central-us. I'm constantly in touch with our engineering team and I'll post back as soon as I hear from them.

Apologies for the inconvenience!

0 Votes 0 ·

Why not mark this as 'unresolved' until it actually is so we dont have to dig through the comment tree to see where in the process it is?

0 Votes 0 ·

central-us is working. Have created a number of certificates with dash in sub-domain

0 Votes 0 ·
Show more comments

Ditto to @RobertSimmons-9582
I still got the same error right now in JapanEast if a CN includes a hyphen.
108710-image.png


1 Vote 1 ·
image.png (5.9 KiB)

@YutaWakita-3134, Thanks for your patience. Deployment for JapanEast was completed. Please try to recreate an App Service Managed Certificate for your app(s) and confirm that it is working. if you run into any other issues please let us know.

1 Vote 1 ·

Hi @ajkuma-MSFT ,
I finally succeeded to create a managed cert in Japan East!
Thank you for notifying me.
110552-image.png


0 Votes 0 ·
image.png (12.8 KiB)
Show more comments
Show more comments
Grmacjon-MSFT avatar image
1 Vote"
Grmacjon-MSFT answered Grmacjon-MSFT commented

Hi everyone,

We apologize for the frustration and impact this issue has caused. Thank you so much for your patience. The engineering team deployed a fix which should be rolling out over the next week.

Best,
Grace

· 37
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I'm facing the same issue. West Europe region. The domain of my website has a "-"

2 Votes 2 ·

The same here. can you please let us know when Southeast Asia has been fixed ? Thanks

1 Vote 1 ·

Hi nngo-007, yes we will update you when deployment for Southeast Asia is complete. We appreciate your patience.

Thanks,
Grace

0 Votes 0 ·

Could you please provide the deploy timeline for East US? I'm still getting this error.

1 Vote 1 ·

Hello @RodrigoMarques-6430,

Thanks for your patience. Deployment for East US is now completed. Please try to recreate an app service manage cert for your app(s) and confirm that it is working. if you run into any other issues please let us know.

Best,
Grace

0 Votes 0 ·

Thanks @Grmacjon-MSFT, it's now working.

1 Vote 1 ·

Thanks Grace! Could you provide a bit more information on the roll out? Will certain regions be rolled out first? Will we be updated when the roll-out is completed?
Regards,
Rob

0 Votes 0 ·

@RobWeber-3862,

Yes, typically the rollout would happen to certain regions first, and we avoid deploying to paired Regions at the same time (for example, East US and West US).
We will continue to post an update here on the progress and/ as we have more information available from our product team.

I completely understand this issue could be frustrating. Our product engineering team is actively working on it. As Grace mentioned, the fix is deployed which should be rolling out over the next week, but we do not have an exact ETA to share.

At this time - currently if the name contains “-“. If feasible, please use a different hostname until the fix is rolled out.

Thanks for your patience on this!

1 Vote 1 ·

Thanks for the update. Can you confirm that the fix also includes the scenario where the special character (hyphen in my case) is in the domain name? For example www.some-name.co.uk

1 Vote 1 ·
Show more comments

Hi @Grmacjon-MSFT ,
Please can you be more precise about when the fix should be applied in the West Europe region ?
We deploy numeorus Web Apps and most of them have a "-" in their domain name

Thanks
Giovanni

0 Votes 0 ·
blayen avatar image blayen giovannifleres-3690 ·

"+1" for West Europe. Same problem as giovanni - domain name with "-".
Timeframe would be most appreciated.
Thanks
PM

0 Votes 0 ·

@giovannifleres-3690 , @Hannes-1053, @blayen ,
// @Grmacjon-MSFT

To keep you posted: West Europe is rolling right now. Thanks for your patience!

0 Votes 0 ·
Show more comments

Hi @giovannifleres-3690 , @Hannes-1053, @blayen ,

We will check internally with the engineering team to see if the fix has been completed in the West Europe region and update this thread. The estimated timeframe for completion for all regions is about 7 business days. Thanks for your patience.

Best,
Grace

0 Votes 0 ·
Show more comments
DigitalDividendAB-9065 avatar image
1 Vote"
DigitalDividendAB-9065 answered

Hello,

We are having the similar issue with App Service Managed Certificate creation. Attached snapshot as well for the error. Reason might be due to swedish characters in domain. Location is North Europe.

Any help in this regard will be appreciated128335-test-image.png



test-image.png (35.0 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

YashvitNaik-2754 avatar image
0 Votes"
YashvitNaik-2754 answered

This issue is still not resolved!! I am facing this even today in West EU.

The domain I am using is with a dash in the url:
xxxxx-yyyyy.xyz.com

140368-ssl-error.png



ssl-error.png (23.6 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.