Cannot add managed certificate for custom domain due to difference in IP Address custom domain and inbound IP/DNS record

Question

Cannot add managed certificate for custom domain due to difference in IP Address custom domain and inbound IP/DNS record

Bas Dekker 0

Hi,

We want to add a managed certificate to our App Service for a custom domain. However. The incoming public IP differs from the custom domain public IP for the webservice. When applying for a managed certificate we get an error:

Hostname not eligible for App Service Managed Certificates creation. Ensure that your domain preventel-riskportal.nl has an A record which is set to one of the followings: <public IP shown in Custom domain blade>

In our DNS service in Azure we have A record which points to the incoming public IP of the app service which is different from the public IP which is shown in the custom domain blade and in the error above.

Please advise how to solve this.

Shree Hima Bindu Maganti 3,990 Reputation points Microsoft External Staff

2025-04-01T08:47:05.1133333+00:00

Hi @Bas Dekker ,
We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Shree Hima Bindu Maganti 3,990 Reputation points Microsoft External Staff

2025-04-02T12:59:47.8266667+00:00

Hi @Bas Dekker ,
We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.

1 answer

Your answer

Shree Hima Bindu Maganti 3,990 Reputation points Microsoft External Staff

2025-04-01T08:47:05.1133333+00:00

Hi @Bas Dekker ,
We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.
Shree Hima Bindu Maganti 3,990 Reputation points Microsoft External Staff

2025-04-02T12:59:47.8266667+00:00

Hi @Bas Dekker ,
We haven’t heard from you on the last response and was just checking back to see if you have a resolution yet. In case if you have any resolution please do share that same with the community as it can be helpful to others. Otherwise, will respond with more details and we will try to help.

Answer 1

Hi @Bas Dekker ,
To resolve the issue with adding a managed certificate for your custom domain, ensure that the A record in your DNS service points to the correct public IP address. The error message indicates that the custom domain's A record must match the public IP shown in the custom domain blade of your App Service.

Check the public IP address displayed in the custom domain blade of your App Service. This is the IP address your A record should point to.

In your DNS service (Azure DNS), update the A record for your custom domain to point to the public IP address shown in the custom domain blade.

After updating the A record, it may take some time for the DNS changes to propagate. Use tools like WhatsmyDNS.net to verify that your domain points to the correct IP address.

Once the A record is correctly configured and DNS propagation is complete, try applying for the managed certificate again.

By ensuring that the A record matches the public IP required for the managed certificate, you should be able to resolve the issue.
Troubleshoot domain and TLS/SSL certificate problems in Azure App Service

How to prepare for an inbound IP address change
Let me know if you have any further assistances.
Please accept the answer, so that others can get help from it.

Share via

Cannot add managed certificate for custom domain due to difference in IP Address custom domain and inbound IP/DNS record

1 answer

Your answer