How to resolve error for generating and binding free App Service Managed Certificate?

Seth 25 Reputation points

Trying to add a custom domain to my Web App in Azure. I've triple checked the DNS and TXT records on my custom domain but still can't add the binding for a free App Service Managed Certificate. The deployment just sits there for hours and will never complete successfully. Also does not give me any details on why the process failed. Anybody else run into this?

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,052 questions
{count} votes

Accepted answer
  1. Lex Li (Microsoft) 4,742 Reputation points Microsoft Employee

    Expand this comment as an answer.

    A key piece of information is what DNS service that you use.

    For very feature rich platforms like Cloudflare, you need to not only create the right DNS records, but also disable all their caching and/or advanced DNS features so that Azure can request and generate the managed certificate properly for your domain(s).

    In your specific case, the culprit is the CAA records, with which you control which CA might issue the certificates for your domain(s). You probably configured them earlier when you requested free certificates from Let's Encrypt, but now Azure tries to request new certificates from DigiCert.

    By removing the CAA records, you have made it working again. And if you do need those records, you can now configure them for DigiCert.

0 additional answers

Sort by: Most helpful