Hello,
We have received the email below about updates being made on July 28, 2025 that will impact our App Service Certificates. From my understanding in the email, its appears that we will not be able to create or renew our certificates starting July 28, 2025, but it states that we will need to update the secure sockets layer certificate management approach before current certificate expires. Our certificates will expire in 2026. Can you provide details on how we can renew our certificates before they expire in 2026. What is the best approach?
Upcoming policy updates will impact Azure App Service managed certificates starting 28 July 2025
You're receiving this notification because you're associated with one or more Azure subscriptions that use Azure App Service managed certificates.
As part of an upcoming industry-wide change, DigiCert, the Certificate Authority (CA) of Azure App Service managed certificates, will be required to migrate to a new validation platform to meet multi-perspective issuance corroboration (MPIC) requirements.
While the majority of certificates won't be impacted, you'll no longer be able to create or renew certificates starting 28 July 2025 if:
- Your app is only accessible privately via IP restrictions, private endpoints, or any other method that restricts public access. Public accessibility will be required.
- Your app uses nested or external endpoints. Only Azure endpoints using Azure Traffic Manager will be supported.
- Your app relies on *.trafficmanager.net domains. Traffic Manager domain certificates will no longer be supported.
If any of the scenarios above apply to you, you'll need to update your secure sockets layer (SSL) certificate management approach before your current certificate expires.
If none of the above apply, no further action is required.
Required action
To avoid service disruptions, update your SSL certificate management approach before your current certificate expires. Review the following scenarios to determine which action you need to take:
- If your app is only accessible privately, switch to public access or acquire your own SSL certificate and add it to your site.
- If your app is using nested endpoints or external endpoints with Traffic Manager, transition to Azure endpoints or acquire your own SSL certificate and add it to your site.
- If your app relies on *.trafficmanager.net" domains, migrate to a custom domain and acquire your own SSL certificate and add it to your site.
For more details on how you may be impacted by this change, read our blog.
Help and support
If you have questions, get answers from community experts in Microsoft Q&A. If you have a support plan and need technical help, please submit a support request.
Upcoming policy updates will impact Azure App Service managed certificates starting 28 July 2025
You're receiving this notification because you're associated with one or more Azure subscriptions that use Azure App Service managed certificates.
As part of an upcoming industry-wide change, DigiCert, the Certificate Authority (CA) of Azure App Service managed certificates, will be required to migrate to a new validation platform to meet multi-perspective issuance corroboration (MPIC) requirements.
While the majority of certificates won't be impacted, you'll no longer be able to create or renew certificates starting 28 July 2025 if:
- Your app is only accessible privately via IP restrictions, private endpoints, or any other method that restricts public access. Public accessibility will be required.
- Your app uses nested or external endpoints. Only Azure endpoints using Azure Traffic Manager will be supported.
- Your app relies on *.trafficmanager.net domains. Traffic Manager domain certificates will no longer be supported.
If any of the scenarios above apply to you, you'll need to update your secure sockets layer (SSL) certificate management approach before your current certificate expires.
If none of the above apply, no further action is required.
Required action
To avoid service disruptions, update your SSL certificate management approach before your current certificate expires. Review the following scenarios to determine which action you need to take:
- If your app is only accessible privately, switch to public access or acquire your own SSL certificate and add it to your site.
- If your app is using nested endpoints or external endpoints with Traffic Manager, transition to Azure endpoints or acquire your own SSL certificate and add it to your site.
- If your app relies on *.trafficmanager.net" domains, migrate to a custom domain and acquire your own SSL certificate and add it to your site.
For more details on how you may be impacted by this change, read our blog.
Help and support
If you have questions, get answers from community experts in Microsoft Q&A. If you have a support plan and need technical help, please submit a support request.
Thanks,
Sherry Robinson
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 20%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESR%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 43%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED3%3C/text%3E%3C/svg%3E)