Error when creating App Service Managed Certificates for root domain

Xavier Buillit 96 Reputation points
2021-04-12T12:56:00.907+00:00

Hello,

I'm trying to create an app service managed certificate for root domain as it's described in https://azure.github.io/AppService/2021/03/02/asmc-apex-domain.html .
The domain is added and point to the right place, I have also added the CAA record but even if I use the script given on the blog post I get the same error than on the interface.

On the script:

Status Message: Properties.CanonicalName is invalid. Not found A record directly pointing to outbound ip address of website azerty-lp-897987987. Current A record record of the hostname is empty. (Code: BadRequest)

On the interface

Hostname not eligible for App Service Managed Certificates creation. Ensure that your domain xxxxxxxxxxxx.app has an A record which is set to 20.50.2.7.

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
6,829 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Grmacjon-MSFT 15,606 Reputation points
    2021-04-13T23:01:08.11+00:00

    Hi @Xavier Buillit ,

    App Service Managed Certificate comes with the following limitations:

    Does not support wildcard certificates.
    Does not support naked domains.
    Is not exportable.
    Is not supported on App Service Environment (ASE)
    Does not support A records. For example, automatic renewal doesn't work with A records.

    Also, you may need to add 0 issue digicert.com to your CAA record.

    Please double-check to make sure your CNAME meets the above requirements. Let us know if you have further questions.

    Best,
    Grace