Hi Steve,
No, you cannot get the TLS/SSL binding before adding the CNAME record. Azure's requirement for an active CNAME record is a security measure to ensure domain ownership before issuing SSL certificates. Without this verification step, Azure cannot guarantee the legitimacy of the domain, and therefore, SSL certificates cannot be provisioned. This process helps prevent unauthorized individuals from obtaining SSL certificates for domains they don't own.
However, if you need SSL for your web app immediately and cannot wait for the DNS changes to propagate, you have a few alternatives:
- Bring Your Own Certificate (BYOC): You can use a certificate purchased from a third-party Certificate Authority (CA) or issued by a service like Let's Encrypt, and then upload it to Azure App Service. This way, you can have SSL for your domain without waiting for the CNAME record verification. Keep in mind that you'll need to manage the certificate renewal process yourself.
- Wildcard SSL Certificate: If you're planning to use subdomains under your main domain, you might consider purchasing a wildcard SSL certificate that covers all subdomains (*.yourdomain.com). This can be uploaded to Azure App Service, providing SSL for your entire domain and any subdomains without needing individual certificates for each subdomain.
- Temporary SSL Solution: As a temporary solution, you could use a self-signed SSL certificate or a free certificate from services like Let's Encrypt for the transition period until the App Service Managed Certificate is issued. While not ideal for production use, it can provide SSL protection during the DNS propagation period.
Please check this doc for reference: https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate?tabs=apex
Kindly accept the answer if it helps.
Thanks
Deepanshu
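
Added example, not part of the answer above: a pre-upload check for a bring-your-own or wildcard certificate that reports which hostnames its SAN entries cover and how many days remain before the self-managed renewal is due. It assumes the certificate is available as a dict in the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the function names and the sample certificate are constructed for illustration.

```python
import ssl

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert();
# the names and dates are made up for illustration.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "*.yourdomain.com"), ("DNS", "yourdomain.com")),
    "notAfter": "Jun  1 12:00:00 2030 GMT",
}

def san_matches(pattern, hostname):
    """Match one SAN dNSName entry against a hostname (RFC 6125 style)."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard stands for exactly one label
    if p[0] == "*":
        # Wildcard only as the whole leftmost label, never directly under a TLD.
        return len(p) > 2 and bool(h[0]) and p[1:] == h[1:]
    return p == h

def covered(cert, hostname):
    """True if any DNS SAN entry in the certificate matches the hostname."""
    return any(kind == "DNS" and san_matches(value, hostname)
               for kind, value in cert.get("subjectAltName", ()))

def days_until_expiry(cert, now_epoch):
    """Whole days between now_epoch (seconds since epoch) and notAfter."""
    return int((ssl.cert_time_to_seconds(cert["notAfter"]) - now_epoch) // 86400)

def preflight(cert, hostnames, now_epoch, min_days=30):
    """Return a list of problems; an empty list means the certificate fits."""
    problems = [f"{h}: not covered by any SAN entry"
                for h in hostnames if not covered(cert, h)]
    left = days_until_expiry(cert, now_epoch)
    if left < min_days:
        problems.append(f"certificate expires in {left} days")
    return problems

if __name__ == "__main__":
    import time
    hosts = ["www.yourdomain.com", "yourdomain.com", "api.eu.yourdomain.com"]
    for line in preflight(SAMPLE_CERT, hosts, time.time()) or ["ok"]:
        print(line)
```

A `*.yourdomain.com` entry matches one label only, so the apex is covered here by its own SAN entry and `api.eu.yourdomain.com` is reported as not covered.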