This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(169.60000000000002, 22%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EW%3C/text%3E%3C/svg%3E)
I'm trying to get a managed certificate for my custom domain (a subdomain on another domain), but it keeps failing.
Failed to create App Service Managed Certificate for
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 59%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Thanks for reaching here! As you mentioned you scaled down your web App to free tier so this might be issue as F1 or D1 tier, doesn't support custom domain and TLS/SSL you need to scale-up also suggest you to start fresh if possible.
You need to select any non-free tier, such as B1, B2, B3, or any other tier in the Production category.
Check Scale up your App Service plan
Also suggest you refer some of limitation while using free managed certificate
Check- Tutorial: Map an existing custom DNS name to Azure App Service.
I'm afraid there's been a misunderstanding. This production version has been using S1 tier since the beginning, so that is most definitely not the issue.
Thank you for the links, but I have read those tutorials many times. The custom domain was working already, the issue is related to certificates. And those limitations don't seem to be the issue. Like I explained, I already got it working once, so my service was already working with those limitations.
Anyway, the good news is that the certificate started working. No action was required from my part except waiting and adding a binding again.
@William Thanks for reply! Appreciate for sharing the resolution that waiting and adding a binding again works for you.
This will help other community members as a guidance when facing similar issue.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 77%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMV%3C/text%3E%3C/svg%3E)
Hi Folks.
I'm facing the same issue as reported here. I've waited so many days, and even reinstalling the webapp and with adding a new domain, i get the same error
Error adding managed certificate: Pending managed certificate failed: Certificate creation was rejected by CA for canonical name www.domain.com: A CNAME record was found but does not point to a whitelisted domain. If retrying does not help, please contact support for assistance.