App Service Managed Certs alternative validation method

Joe H 96 Reputation points
2021-01-12T16:41:53.27+00:00

We would like to use App Service Managed Certs for our webapps, but they reside behind Cloudflare. Because of this, ASMC will not validate because the CNAME doesn't point to azurewebsites.net. Is there any plan to add alternative validation methods? Checking if the custom domain in the web app is already validated is used to validate paid App Service Certificate purchases now. ASMC should be able to do this as well I would think.

Azure App Service

3 answers

  1. Grmacjon-MSFT 16,191 Reputation points
    2021-01-12T21:18:16.733+00:00

    Hi @Joe H ,

    It looks like you asked this question a couple of months ago on this post. Nothing has changed with the validation process. The only way to validate an App Service Managed Certs for your webapps is if your custom domain has a CNAME pointed to your <app-name>.azurewebsites.net.

    Thanks,
    Grace


  2. Mr. L 11 Reputation points
    2021-04-06T16:14:47.667+00:00

    Yes, this still looks to be a problem.

    The actual response should be:

    "The only way to validate an App Service Managed Certs for your webapps is if your custom domain has a CNAME pointed to your <app-name>.azurewebsites.net and be PUBLICLY RESOLVABLE to the CNAME record" aka no record based masking.

    It seems a bit stupid for this tbh, considering other providers use HTTP/HTTPS validation methods to ensure the traffic sent is received by the service.


  3. Dirk Manderin 1 Reputation point
    2021-04-09T00:52:53.977+00:00

    Yeah, this really pisses me off. We also use Cloudflare and can't use ASMC because of this. The ridiculous thing is that they've already verified my custom domains that I want the certs for. No reason they couldn't use a TXT record or HTTP validation method either.

    0 comments No comments
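
An added example, not part of any post in this thread and not Microsoft's code: a pre-flight check of the rule stated in the answers above, that the custom domain's publicly visible CNAME must be `<app-name>.azurewebsites.net`. The function names, the `lookup` callback and the sample records are constructed for illustration; in practice `lookup` would wrap a query to a public resolver.

```python
from typing import Callable, Dict, List, Tuple

AZURE_SUFFIX = ".azurewebsites.net"
Lookup = Callable[[str, str], List[str]]  # (name, record type) -> values


def norm(name: str) -> str:
    """DNS names compare case-insensitively; drop the root dot."""
    return name.strip().rstrip(".").lower()


def classify(host: str, app_name: str, lookup: Lookup) -> str:
    """Classify what a public resolver returns for `host`.

    ok            CNAME points at <app-name>.azurewebsites.net
    wrong-target  CNAME exists but points elsewhere
    masked        no CNAME visible, only addresses (e.g. a proxied record)
    no-record     nothing published for the name
    Only the host's own CNAME is inspected, as the thread describes.
    """
    expected = norm(app_name) + AZURE_SUFFIX
    cnames = [norm(v) for v in lookup(norm(host), "CNAME")]
    if cnames:
        return "ok" if cnames[0] == expected else "wrong-target"
    if lookup(norm(host), "A") or lookup(norm(host), "AAAA"):
        return "masked"
    return "no-record"


def zone_lookup(zone: Dict[Tuple[str, str], List[str]]) -> Lookup:
    """Offline stand-in for a public resolver, backed by a dict (assumption)."""
    table = {(norm(n), t.upper()): v for (n, t), v in zone.items()}
    return lambda name, rtype: table.get((norm(name), rtype.upper()), [])


# Constructed sample answers (example.com names, documentation IP ranges).
SAMPLE_ZONE = {
    ("direct.example.com", "CNAME"): ["MyApp.azurewebsites.net."],
    ("proxied.example.com", "A"): ["203.0.113.10", "203.0.113.11"],
    ("proxied.example.com", "AAAA"): ["2001:db8::10"],
    ("legacy.example.com", "CNAME"): ["lb.example.net."],
}

if __name__ == "__main__":
    resolve = zone_lookup(SAMPLE_ZONE)
    for h in ("direct", "proxied", "legacy", "unset"):
        print(h, classify(f"{h}.example.com", "myapp", resolve))
```

A `masked` result corresponds to the situation the posters describe: the record exists at the DNS provider, but public resolvers only see addresses, so the CNAME check has nothing to match.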