How to fix a Certificate Name Mismatch on a managed certificate for an Azure App Service

Question

I have an Azure App Service with a custom domain. I have 2 managed certificates, one for www and one for non-www domain. Everything seems to be functioning as it should. However, when running the domain through SSL Labs, it comes back with a Certificate Name Mismatch. How do I fix this? Of note: I have since started testing a MAUI ios app that connects to an API on this domain and am getting a "An SSL error has occurred and a secure connection to the server cannot be made." error. That is what led me to testing the domain on SSL Labs and I suspect that is the issue. The website works fine on browsers and my Android app does not have any issues.

Answer 1

Heath Hekkers, As I understand you are facing an issue with App Service managed certificate (ASMC), certificate name mismatch (but, the website works fine across different platforms) – Just to highlight, Azure fully manages the certificates on your behalf, so any aspect of the managed certificate, including the root issuer, can change at anytime. These changes are outside your control. Make sure to avoid hard dependencies and "pinning" practice certificates to the managed certificate or any part of the certificate hierarchy.

App Service certificate vs App Service managed certificate (ASMC) -  The free certificate comes with the following limitations: See this doc

The free certificates are issued by DigiCert. For some domains, you must explicitly allow DigiCert as a certificate issuer by creating a [CAA domain record] with the value: 0 issue digicert.com.

  You may always leverage App Service diagnostics from Azure Portal> Navigate to your App Service app in the Azure Portal. (screenshot below)

In the left navigation, click on Diagnose and solve problems - Run – “Configuration and Management”  and “SSL and Domains” to fetch more info.

  Also, see this doc -An App Service is showing the wrong certificate

Kindly let us know, I'll follow-up with you further.