Share via

"Create App Service Managed Certificates (Preview)" fails with Error Details: Properties.CanonicalName is invalid

jbelmonte 11 Reputation points
2020-06-23T21:04:35.63+00:00

The create pane writes "Hostname eligible for certificate creation. Click Create to create your App Service Managed Certificate."

But when I click "Create", the Creation fails with "Failed to create App Service Managed Certificate for hostname abc.mydomain.com. Click here for more details. Error Details: Properties.CanonicalName is invalid. Certificate creation failed unexpectedly for canonical name abc.mydomain.com"

The DNS for mydomain.com:

  1. contains a CNAME record for abc.mydomain.com pointing to myfirstdapp.azurewebsites.net
  2. contains a CNAME record for xyz.mydomain.com pointing to mysecomdapp.azurewebsites.net
  3. contains a wildcard CNAME record for *.mydomain.com pointing to mythirdapp.azurewebsites.net

I was able to successfully create an App Service Managed Certificate for hostname xyz.mydomain.com, but I cannot create one for abc.mydomain.com. The documentation states: "You can create only one certificate for each supported custom domain." But these are different subdomain and are connected to different app services. Does anyone know what the problem could be?

Azure App Service
Azure App Service

Azure App Service is a service used to create and deploy scalable, mission-critical web apps.

0 comments

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Azka Munawar 11 Reputation points
    2022-07-04T17:07:32.577+00:00

    This is because free certificate is generated by digicert.com and some domain names need it to be explicitly defined.
    Simply add CAA record in your domain name host record listings with value: 0 issue digicert.com
    217501-capture.png

    And try creating app service managed certificate again. I hope so it will work and create ssl certificate immediately.

    Was this answer helpful?

    1 person found this answer helpful.
    0 comments
  2. Jonathan Jones 6 Reputation points
    2020-08-04T08:51:03.157+00:00

    I think you'll find that your issue is because the free certificate is only supported for a single top level domain. So for example:

    abc.mydomain.com will issue
    def.mydomain.com will not issue
    ghi.myotherdomain.com will issue

    Was this answer helpful?

    1 person found this answer helpful.
    0 comments
  3. Tomislav Šulc 1 Reputation point
    2021-08-10T12:41:47.487+00:00

    I had the similar issue:
    Properties.CanonicalName is invalid. Found a duplicate certificate with (domain) available or in pending issued under serverFarmId /subscriptions/... Pending certificate operation id: (guid) , timeout: 8/10/2021 12:50:20 PM.

    And I just needed to wait for the process to complete. Some 30 minutes (In that time frame, I almost lost my mind in constantly trying to create the certificate...). So for anyone having similar issue, maybe you just have to wait.

    Was this answer helpful?

  4. Derek Chan 6 Reputation points
    2020-07-16T06:18:44.607+00:00

    I have successfully created certs for a.domain.com, b.domain.com and c.domain.com so I don't think it's that.

    it could be because you need a CAA record for abc.mydomain.com. See here for details:

    https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate#create-a-free-certificate-preview

    Note

    The free certificate is issued by DigiCert. For some top-level domains, you must explicitly allow DigiCert as a certificate issuer by creating a CAA domain record with the value: 0 issue digicert.com.

    Was this answer helpful?

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.