Managed certificate failed.

RJN 20 Reputation points
2024-08-10T23:19:04.16+00:00

I'm trying to add a custom domain to my Azure App Service. I've updated the DNS records and the verification passes but the App Service Managed Certificate will not generate. I get the following message:

    "statusMessage": "{\"status\":\"Failed\",\"error\":{\"code\":\"ResourceOperationFailure\",\"message\":\"The resource operation completed with terminal provisioning state 'Failed'.\",\"details\":[{\"code\":\"BadRequest\",\"message\":\"Pending managed certificate failed: Pending certificate expired. Please try again. Refer to the documentations for more info: https://go.microsoft.com/fwlink/?linkid=2158627.\"}]}}"
Azure App Service

Accepted answer
  1. ajkuma 25,626 Reputation points Microsoft Employee
    2024-08-19T19:38:11.4166667+00:00

    RJN, apologies for the delayed response.

    Based on my understanding of your issue description, App Service Managed Certificate (ASMC) failed to generate due to an expired pending certificate. Typically, this can happen if the certificate validation process takes too long and the pending certificate expires before the validation is complete.

    App Service certificate vs App Service managed certificate (ASMC) -  The free certificate comes with the following limitations:#create-a-free-managed-certificate

    The free certificates are issued by DigiCert. For some domains, you must explicitly allow DigiCert as a certificate issuer by creating a CAA domain record with the value: 0 issue digicert.com.

    If you haven't done so already, you may always leverage App Service diagnostics from the Azure Portal > Navigate to your App Service app in the Azure Portal.

    In the left navigation, click on Diagnose and solve problems - Run – “Configuration and Management” and “SSL and Domains” to fetch more info.

    Also, try the following steps:

    1. Delete the failed certificate from the Azure portal.
    2. Wait for a few minutes to ensure that the certificate is fully deleted.
    3. Request a new certificate by following the steps to add a custom domain to your Azure App Service.
    4. Wait for the certificate to be generated.

    If the issue persists, you may also check the DNS records to ensure that they are correctly configured and that the domain is pointing to the correct IP address.


    If the answer helped (pointed you in the right direction), please click Accept Answer to help the community find answers quickly to similar questions.

    1 person found this answer helpful.
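
The CAA requirement mentioned in the accepted answer can be checked before requesting the certificate again. The following is an added example, not code from the answer or from Microsoft: it applies the RFC 8659 rule (climb from the hostname toward the root and use the first non-empty CAA record set) to decide whether `digicert.com` may issue. The record lines mimic `dig +short CAA <name>` output; the domains, records and function names are constructed for illustration.

```python
# Added example: does the relevant CAA record set (RFC 8659) let a CA issue?
# Only the "issue" property is evaluated (non-wildcard certificates).
# SAMPLE_ZONE is constructed data in the format `dig +short CAA <name>` prints.
SAMPLE_ZONE = {
    "contoso.example": ['0 issue "letsencrypt.org"',
                        '0 iodef "mailto:sec@contoso.example"'],
    "fabrikam.example": ['0 issue "letsencrypt.org"',
                         '0 issue "digicert.com"'],
    "shop.fabrikam.example": ['0 issue ";"'],  # ";" alone forbids every CA
}

def parse_caa(line):
    """Parse '<flags> <tag> "<value>"' into (flags, tag, value)."""
    flags, tag, value = line.strip().split(None, 2)
    return int(flags), tag.lower(), value.strip().strip('"')

def issuer_domain(value):
    """Issuer domain of an issue value, dropping ';'-separated parameters."""
    return value.split(";", 1)[0].strip().lower()

def relevant_rrset(fqdn, zone):
    """Climb from fqdn toward the root; the first non-empty CAA set wins."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if zone.get(name):
            return name, [parse_caa(r) for r in zone[name]]
    return None, []

def ca_may_issue(fqdn, zone, ca="digicert.com"):
    """Return (allowed, reason) for a non-wildcard certificate for fqdn."""
    name, rrset = relevant_rrset(fqdn, zone)
    if name is None:
        return True, "no CAA records found; any CA may issue"
    issuers = [issuer_domain(v) for _, tag, v in rrset if tag == "issue"]
    if not issuers:
        return True, f"CAA at {name} has no issue property; any CA may issue"
    if ca in issuers:
        return True, f"CAA at {name} authorizes {ca}"
    listed = ", ".join(i for i in issuers if i) or "no CA"
    return False, f"CAA at {name} allows {listed}; add: 0 issue {ca}"

if __name__ == "__main__":
    for host in ("www.contoso.example", "www.fabrikam.example",
                 "shop.fabrikam.example", "app.northwind.example"):
        print(host, *ca_may_issue(host, SAMPLE_ZONE))
```

A `False` result for the custom domain means the CAA record set has to be extended with `0 issue digicert.com` before the managed certificate request can succeed.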

1 additional answer

  1. akinbade abiola 14,590 Reputation points
    2024-08-11T02:15:42.8766667+00:00

    Hello RJN,

    Thanks for your question.

    The error suggests that the pending managed certificate has expired. This can happen if the certificate generation process takes too long or encounters issues. Try the steps here:

    • Verify DNS config. Check that all DNS records (A, CNAME, TXT) are correctly set up for the custom domain.
    • You can also re-add the custom domain.
    • If this doesn't fix it, try a new certificate.

    See: https://learn.microsoft.com/en-us/azure/app-service/troubleshoot-domain-ssl-certificates?source=recommendations

    You can mark it 'Accept Answer' and 'Upvote' if this helped you

    Regards,

    Abiola

