Reputation: 5976
Create App Service Managed Certificates by Azure
I want to create certification by App Service Managed Certificate.
I set these records
and it works correctly but when I want to create App Service Managed Certificates by Azure I got a strange error
Failed to create App Service Managed Certificate for hostname. Click here for more details.
I try different CAA records and none of them works. what should I do?
and if I want to use terraform it is stuck at creating the certificate
I use this template
Upvotes: 1
Views: 1639
Answers (4)
Reputation: 471
Good news on App service managed certificate. Yes, you heard correctly it became GA now and supports apex domain with a country code top-level domain (ccTLD).
Key Features:
- Supports Apex domain.
- Auto renewed.
- Expired in 6 month.
- Auto renew 45 days before expiration.
- Automate using ARM template.
- App Service Managed Certificate for apex domain will take a bit longer to create than for sub-domain because it uses a different validation method.
- Not exportable.
I hope this will help you in securing your environment.
Upvotes: 1
Reputation: 3163
App Service Managed Certificate is still in Preview, there are some limitations with this (as of today), kindly check them below. It's a private certificate to use if you just need to secure your www custom domain or any non-naked domain in App Service.
The free certificate is issued by DigiCert. For some top-level domains, you must explicitly allow DigiCert as a certificate issuer by creating a CAA domain record with the value: 0 issue digicert.com.
The free certificate comes with the following limitations:
- Does not support wildcard certificates.
- Does not support naked domains.
- Is not exportable.
- Is not supported on App Service Environment (ASE)
- Does not support A records. For example, automatic renewal doesn't work with A records.
Kindly see the different between App Service Certificate and App Service Managed Certificate. https://microsoft.github.io/AzureTipsAndTricks/blog/tip259.html
Checkout this documentation for more details.
Upvotes: 0
Reputation: 3398
Maybe the tutorial you need is this:
I had seen this error before, and solve it by the steps below:
- Check the CNAME records. Map a subdomain to the app's default domain name needs two records: CNAME record and TXT record.
- Make sure you enabled the CNAME record mapping in Azure .
- Clear the records you don't need, like the CAA records, because wildcard certificatesis not support for creating a free certificate. Take care of the limitations.
- It may takes a while for this configuration to take effect.
Upvotes: 0
Related Questions
- Azure SSL Certificate
- Azure App Service and Certificate Authority
- Create App Service Managed Certificates says success, but certificate does not appear
- Azure App Services and SSL Certificate
- Failed to create App Service Managed Certificate
- How to manage Azure App Service Certificate
- Upload Certificate to App Service from key Vault
- How to move App service Certificate with the Webapps and their certificates across subscription
- Assign an SSL certificate to an Azure App Service