App Service Managed Certificates renewal requirements?

Josh Dinndorf 51 Reputation points
2021-07-28T20:38:54.623+00:00

What are the requirements for App Service Managed Certificate auto renewal? If it fails, do we get notified?

I know to create the cert the CNAME needs to be directly pointed to <app-name>.azurewebsites.net.

We mask our CNAMEs behind Cloudflare. We turned that off briefly during creation but have now turned it back on. I want to confirm whether we need to do that during renewal also.

Similar but just for initial creation.
https://learn.microsoft.com/en-us/answers/questions/227877/app-service-managed-certs-alternative-validation-m.html


Accepted answer
  1. Ryan Hill 28,106 Reputation points Microsoft Employee
    2021-07-29T15:00:46.887+00:00

    Hi @Josh Dinndorf ,

    There isn't an OOB notification that will send an alert if the cert renewal fails. However, there is a Managed Cert Renewal detector available under the Diagnose and solve problems blade that you can use to check for errors.

    For managed certs, there's a job that runs periodically and will attempt the renewal process if the cert expiration date is within 45 days. Since the managed cert is through DigiCert, it needs to be able to find a DNS record with a CNAME pointed to <yourwebapp>.azurewebsites.net. After successful validation, DigiCert will issue the cert and App Service will pull it.


0 additional answers
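
Since the accepted answer says there is no built-in alert, one way to monitor the two conditions it describes (the 45-day renewal window and the CNAME to the app's default domain) is a small scheduled check. This is an added example, not code from the thread or from Microsoft; the hostname, app name, status labels and sample DNS records are constructed, and modelling a proxied hostname as answering with only A records is an assumption about what a public resolver returns.

```python
from datetime import datetime, timedelta, timezone

# From the answer: the renewal job acts once expiry is within 45 days.
RENEWAL_WINDOW = timedelta(days=45)

def _norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def cname_points_to_app(records, hostname, app_name):
    """True if records hold a CNAME from hostname straight to the app's default domain.

    records: (owner, rtype, value) tuples as seen by a public resolver.
    """
    expected = _norm(f"{app_name}.azurewebsites.net")
    return any(
        _norm(owner) == _norm(hostname)
        and rtype.upper() == "CNAME"
        and _norm(value) == expected
        for owner, rtype, value in records
    )

def renewal_status(records, hostname, app_name, not_after, now=None):
    """Classify a managed-certificate binding so a scheduler can alert on it."""
    now = now or datetime.now(timezone.utc)
    remaining = not_after - now
    cname_ok = cname_points_to_app(records, hostname, app_name)
    if remaining <= timedelta(0):
        return "EXPIRED"
    if remaining <= RENEWAL_WINDOW:
        # Inside the window the validation CNAME must be visible.
        return "RENEWAL_DUE" if cname_ok else "RENEWAL_AT_RISK"
    return "OK" if cname_ok else "CNAME_NOT_VISIBLE"

# Constructed sample data: hypothetical hostname/app, documentation-range IPs.
NOW = datetime(2021, 7, 29, tzinfo=timezone.utc)
HOST, APP = "www.example.com", "contoso-app"
DIRECT = [("www.example.com.", "CNAME", "Contoso-App.azurewebsites.net.")]
PROXIED = [("www.example.com.", "A", "203.0.113.10"),
           ("www.example.com.", "A", "203.0.113.11")]

if __name__ == "__main__":
    for label, recs in (("direct", DIRECT), ("proxied", PROXIED)):
        for days in (120, 30):
            status = renewal_status(recs, HOST, APP, NOW + timedelta(days=days), NOW)
            print(f"{label:8} expires in {days:3}d -> {status}")
```

Feed it the certificate's expiration date from the portal and the records your resolver returns for the custom hostname; any status other than `OK` or `RENEWAL_DUE` is worth an alert.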
