@B A Thanks for reaching here!
To further elaborate here-
Before a certificate expires, make sure to add the new certificate to your App Service and update any places where the certificate is used. For example, For an uploaded certificate, there's no automatic binding update. Based on your scenario, review the corresponding section:
You also want to know that when you replace an expiring certificate, the way you update the certificate binding with the new certificate might adversely affect user experience.
For example, your inbound IP address might change when you delete a binding, even if that binding is IP-based. This result is especially impactful when you renew a certificate that's already in an IP-based binding.
To avoid a change in your app's IP address, and to avoid downtime for your app due to HTTPS errors, follow these steps in the specified sequence:
- Upload the new certificate.
- Go to your app's Custom domains page, click on the actions button (...), and choose Update binding.
- Select the new certificate and click Update.
- Delete the old certificate.
By doing this, you can avoid any interruptions to your app's service and prevent issues like HTTPS errors.
Please let us know if know if further query or issue remains.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 98%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBA%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 59%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)