Static Web App: www subdomain not working with automatic SSL certificate

TC 5 Reputation points
2023-08-28T12:45:38.9933333+00:00

New static web app setup with custom domain, using the automatic certificate Azure generates.

https://example.com works fine. However https://www.example.com fails with a certificate error.

Azure DNS seems correct. Tried both A record and CNAME record using "www" subdomain aliased to the Static Web App resource.

Certificate in browser when it works is correctly "example.com" but certificate when it fails looks like its the wildcard one for the automatic Url.

All the documentation seems to indicate only a CNAME entry is needed on Azure DNS for a custom subdomain in this case.

Any thoughts on diagnosing this appreciated.

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,783 questions
Azure Static Web Apps
Azure Static Web Apps
An Azure service that provides streamlined full-stack web app development.
934 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. TC 5 Reputation points
    2023-08-29T00:41:54.86+00:00

    The problem is the Azure DNS documentation is correct only from a pure DNS perspective: yes, a CNAME entry to alias "www" works in an IP-resolution sense, but no, it requires additional steps to work with HTTPS.

    i.e. the Azure Static Web App documentation doesn't make clear that only domains listed in the custom list will have SSL certificates created for them and just talks about CNAME entries.

    Hence the IP mapping is identifying the correct target but then the TLS on top fails because the original URL (www.example.com) is not in the SSL certificate of the final target IP (example.com).

    So to make https://www.example.com work, add the CNAME alias and also add it as a Web App Custom Domain.

    Finally for additional http-only mappings (e.g. http://www.example.co.uk) a work-around is to add a Classic CDN end point (to a dummy storage account with static web pages enabled), add these domain(s) to it, add the CNAME(s), and then set a Global rule to Url Redirect to https://example.com.

    1 person found this answer helpful.
    0 comments No comments

  2. SnehaAgrawal-MSFT 21,586 Reputation points
    2023-08-31T08:48:17.42+00:00

    @TC Thanks for the feedback and sharing the solution that works for you.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.