question

NicholasElliott-9514 avatar image
1 Vote"
NicholasElliott-9514 asked LuqmanHussain-1043 answered

Timeout creating an azure App Service Managed Certificate

We are trying to create an app service managed certificate to secure our custom domain with SSL. However, every time this is attempted we receive a timeout error.

For a bit more detail; the primary domain we want to use is currently successfully hosted on a different app service, successfully secured with an SSL certificate. This works great.

We want to migrate this domain from the current app service it points to, to a new one. For this new one we have added the custom domain. However, when we attempt to create the managed certificate, the operation starts... but never ends, and some hours later eventually times out.

Is this a known issue, or are we doing something wrong?

azure-webapps-ssl-certificates
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

125258-image.png



This is the resulting timeout error.

0 Votes 0 ·
image.png (10.5 KiB)

Thanks for asking question! If I have understood right, you are trying to create free Azure app service managed certificate. {This is a private certificate that's free of charge and easy to use if you just need to secure your custom domain in App Service. }

Could you please make sure if below prerequisites for your app is fulfilled:

• Map the domain you want a certificate for to App Service. For information, see Tutorial: Map an existing custom DNS name to Azure App Service.
• For a root domain (like contoso.com), make sure your app doesn't have any IP restrictions configured. Both certificate creation and its periodic renewal for a root domain depends on your app being reachable from the internet.

Check if there is CAA records on the domain then removing those records and then try again.


0 Votes 0 ·
SnehaAgrawal-MSFT avatar image
0 Votes"
SnehaAgrawal-MSFT answered

Further for free certificate there are some below limitations:
• Does not support wildcard certificates.
• Does not support usage as a client certificate by certificate thumbprint (removal of certificate thumbprint is planned).
• Is not exportable.
• Is not supported on App Service Environment (ASE).
• Is not supported with root domains that are integrated with Traffic Manager.
• If a certificate is for a CNAME-mapped domain, the CNAME must be mapped directly to <app-name>.azurewebsites.net.

Also Note that The free certificate is issued by DigiCert. For some top-level domains, you must explicitly allow DigiCert as a certificate issuer by creating a CAA domain record with the value: 0 issue digicert.com.

Let us know if issue remains.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LuqmanHussain-1043 avatar image
0 Votes"
LuqmanHussain-1043 answered

I have the same problem. it worked fine on one site but not on another. the www.domain.com cname worked when creating ssl for it. however when creating for just domain.com it timed out after having waited a long time. tried multiple times. same thing.

on a different azure app service it worked for both no issues. cant see any obvious difference between their dns settings.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.