JoshDinndorf-5168 asked ryanchill answered

App Service Managed Certificates renewal requirements?

What are the requirements for App Service Managed Certificate auto renewal? If it fails do we get notified?


I know that to create the cert, the CNAME needs to point directly to <app-name>.azurewebsites.net.

We mask our CNAMEs behind Cloudflare. We turned that off briefly during creation but have now turned it back on. I want to confirm whether we need to do that during renewal as well.


Similar but just for initial creation.
https://docs.microsoft.com/en-us/answers/questions/227877/app-service-managed-certs-alternative-validation-m.html

azure-webapps azure-webapps-ssl-certificates

1 Answer

ryanchill answered

Hi @JoshDinndorf-5168,

There isn't an OOB notification that will send an alert if the cert renewal fails. However, there is a Managed Cert Renewal detector available under the Diagnose and solve problems blade that you can use to check for errors.


For managed certs, there's a job that runs periodically and will attempt the renewal process if the cert expiration date is within 45 days. Since the managed cert is through DigiCert, it needs to be able to find a DNS record with CNAME pointed to <yourwebapp>.azurewebsites.net. After successful validation, DigiCert will issue the cert and App Service will pull it.
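
A check for the two conditions described in the answer above (the 45-day renewal window and the CNAME pointed to `<yourwebapp>.azurewebsites.net`), as an added example that is not part of the original thread or of any Microsoft tooling. It assumes the DNS data is supplied as `dig +noall +answer` text; the hostname, app name, IP address and dates are constructed, and the state names are hypothetical.

```python
from datetime import datetime, timedelta, timezone

RENEWAL_WINDOW = timedelta(days=45)  # renewal job window stated in the answer

# Constructed sample answers (not captured from a real zone).
DIRECT = "www.contoso.example. 300 IN CNAME myapp.azurewebsites.net.\n"
# Assumption: a proxied record answers with the proxy's addresses, so no
# CNAME is visible to the validating CA. 203.0.113.10 is a documentation IP.
PROXIED = "www.contoso.example. 300 IN A 203.0.113.10\n"


def cname_target(dig_answer, hostname):
    """Return the CNAME target published for hostname, or None if absent."""
    want = hostname.rstrip(".").lower()
    for line in dig_answer.splitlines():
        fields = line.split()  # name, TTL, class, type, rdata
        if len(fields) >= 5 and fields[3].upper() == "CNAME":
            if fields[0].rstrip(".").lower() == want:
                return fields[4].rstrip(".").lower()
    return None


def renewal_status(dig_answer, hostname, app_name, not_after, now):
    """Classify a managed cert by expiry window and CNAME visibility."""
    expected = f"{app_name}.azurewebsites.net".lower()
    target = cname_target(dig_answer, hostname)
    dns_ok = target == expected
    remaining = not_after - now
    if remaining <= timedelta(0):
        state = "expired"
    elif remaining <= RENEWAL_WINDOW:
        # The renewal job is already attempting validation.
        state = "renewal-due" if dns_ok else "renewal-blocked"
    else:
        state = "ok" if dns_ok else "dns-will-block-renewal"
    return {"state": state, "cname": target, "days_left": remaining.days}


if __name__ == "__main__":
    now = datetime(2021, 8, 1, tzinfo=timezone.utc)          # constructed
    not_after = datetime(2021, 9, 1, tzinfo=timezone.utc)    # constructed
    for label, answer in (("direct", DIRECT), ("proxied", PROXIED)):
        print(label, renewal_status(answer, "www.contoso.example",
                                    "myapp", not_after, now))
```

Because the thread states there is no built-in failure notification, running a check like this on a schedule and alerting on `renewal-blocked` or `dns-will-block-renewal` covers that gap.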


