App Service Managed Certificates for apex domains

Question

I have a webapp that is connected to by a number of domains, each secured with App Service Managed Certificates. I've previously created certs for two apex domains on this app, based on A records in DNS, but today I am getting the message that I need an active CNAME record to do this.

Is this regression intentional? What's the supported behaviour expected to be here?

EDIT: I've got a few domains to set up/migrate in the same way, and I just tried another, and it's worked... so the issue is specific to one apex domain. I'd be happy to share more details privately if that's useful - perhaps it's a misleading error message and there's something else wrong with the DNS?

Answer 1

Hello @Dan Puzey ,

This is a known issue and the ASMC team is working on deploying a fix. In the meantime, can you please try this Powershell script:

#Connect-AzureRmAccount  
  
$subscription = "SUBSCRIPTION-ID"  
$resourceGroupName = "RESOURCE-GROUP-NAME"  
$appServicePlanName = "APP-SERVICE-PLAN-NAME"  
$subjectName = "DOMAIN-NAME"  
  
Set-AzureRmContext -SubscriptionId $subscription  
  
$appServicePlan = Get-AzureRmResource `  
    | Where-Object {$_.ResourceGroupName -eq $resourceGroupName } `  
    | Where-Object {$_.Name -eq $appServicePlanName}  
  
New-AzureRMResourceGroupDeployment `  
    -ResourceGroupName $resourceGroupName `  
    -SubjectName $subjectName `  
    -AppServicePlanName $appServicePlanName `  
    -Location $appServicePlan.Location `  
    -TemplateFile "CreateHttpFreeCert.json"   

This script will only create an App Service Managed Certificate for a custom domain that has already been added to your web app. If you run this script before adding a custom domain to the web app, the script will fail.

Hope that helps.

-Grace