App Service Managed Certificate error for dedicated IP

Question

We have been using App Service Managed Certificates for domains that use SNI with no problem but cannot use them for domains with dedicated IPs.

The error returned is: Cannot update IP SSL Bindings because total number of allowed IP addresses per site will be exceeded.

We are trying to secure the root domain and also the www sub-domain.

(We noticed this error also occurs if try to update using a new pfx certificate if we don't delete either the root binding or the www binding first).

So the issue occurs any time we use a different certificate for the root domain and www sub-domain. But because we need a separate App Service Managed certificate for the root and www, this error always occurs.

How can we do this?

Answer 1

Switch to SNI-based SSL if possible. So you can use Managed Certificates for both the root domain and www subdomain without running into IP address limitations.

You can also try using an external wildcard certificate.

See: https://learn.microsoft.com/en-us/azure/app-service/troubleshoot-domain-ssl-certificates

You can mark it 'Accept Answer' and 'Upvote' if this helped you

Regards,

Abiola

Answer 2

We want to keep using the dedicated IP address. We are currently using a Geotrust QuickSSL (it covers both the root and www) which works but thought we could switch the Managed Certificates because they auto-renew.

I don't understand why this problem occurs. Why can't both the Managed root certificate and the www certificate use the same IP? There must be a way to do this.