Custom domain names and certificates in Azure Container Apps

Azure Container Apps allows you to bind one or more custom domains to a container app.

  • Every domain name must be associated with a domain certificate.
  • Certificates are applied to the container app environment and are bound to individual container apps. You must have role-based access to the environment to add certificates.
  • SNI domain certificates are required.
  • Ingress must be enabled for the container app.


To configure a custom DNS suffix for all container apps in an environment, see Custom environment DNS suffix in Azure Container Apps. If you configure a custom environment DNS suffix, you cannot add a custom domain that contains this suffix to your Container App.

Add a custom domain and certificate


If you are using a new certificate, you must have an existing SNI domain certificate file available to upload to Azure.

  1. Navigate to your container app in the Azure portal.

  2. Verify that your app has ingress enabled by selecting Ingress in the Settings section. If ingress is not enabled, enable it with these steps:

    1. Set HTTP Ingress to Enabled.
    2. Select the desired Ingress traffic setting.
    3. Enter the Target port.
    4. Select Save.
  3. Under the Settings section, select Custom domains.

  4. Select the Add custom domain button.

  5. In the Add custom domain window, enter the following values for the Enter domain tab:

    Setting | Value | Notes
    Domain | Enter your domain name. | Make sure the value is just the domain without the protocol. For instance,, or
    Hostname record type | Verify the default value. | The value selected automatically is Azure's best guess based on the form of the domain name you entered. For an apex domain, the value should be an A record, for a subdomain the value should be CNAME.
  6. Next, you need to add the DNS records shown on this window to your domain via your domain provider's website. Open a new browser window to add the DNS records and return here once you're finished.

  7. Once the required DNS records are created on your domain provider's account, select the Validate button.

  8. Once validation succeeds, select the Next button.

  9. On the Bind certificate + add tab, enter the following values:

    Setting | Value | Notes
    Certificate | Select an existing certificate from the list, or select the Create new link. | If you create a new certificate, a window appears that allows you to select a certificate file from your local machine. Once you select a certificate file, you're prompted to add the certificate password.

    Once you select a certificate, the binding operation may take up to a minute to complete.

Once the add operation is complete, you see your domain name in the list of custom domains.


For container apps in internal Container Apps environments, additional configuration is required to use custom domains with VNET-scope ingress.

Managing certificates

You can manage certificates via the Container Apps environment or through an individual container app.


The Certificates window of the Container Apps environment presents a table of all the certificates associated with the environment.

You can manage your certificates through the following actions:

Action | Description
Add | Select the Add certificate link to add a new certificate.
Delete | Select the trash can icon to remove a certificate.
Renew | When a certificate is within 60 days of its expiration date, the Health status field of the table indicates that it is expiring soon. To renew a certificate, select the Renew certificate link to upload a new certificate.

Container app

The Custom domains window of the container app presents a list of custom domains associated with the container app.

You can manage your certificates for an individual domain name by selecting the ellipsis (...) button, which opens the certificate binding window. From the following window, you can select a certificate to bind to the selected domain name.
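
The following Python code is an added example, not part of the original documentation or of any Azure tooling. It audits planned custom domain bindings against the rules on this page: the domain is entered without a protocol, it does not fall under the environment's custom DNS suffix, a certificate covers it, and that certificate is not inside the 60-day expiring-soon window. The inventory, its dictionary keys, the host names, and the dates are constructed for illustration; treating "contains this suffix" as "equals or ends with the suffix" and letting a wildcard match exactly one leftmost label are assumptions based on common TLS practice, not statements from this page.

```python
from datetime import date, timedelta

EXPIRING_SOON = timedelta(days=60)  # window the page gives for "expiring soon"

def normalize_domain(value):
    """Return the bare lowercase host name; reject a protocol or path."""
    host = value.strip().lower().rstrip(".")
    if not host or "://" in host or "/" in host:
        raise ValueError(f"enter just the domain, without protocol: {value!r}")
    return host

def cert_covers(cert_name, host):
    """Exact match, or a wildcard standing in for exactly one leftmost label."""
    cert_name = cert_name.lower()
    if cert_name.startswith("*."):
        return "." in host and host.split(".", 1)[1] == cert_name[2:]
    return cert_name == host

def audit_binding(domain, certs, env_suffix, today):
    """Check one planned binding; return (status, certificate name or None).

    certs: list of dicts with hypothetical keys 'name', 'dns_names', 'not_after'.
    """
    host = normalize_domain(domain)
    if env_suffix and (host == env_suffix or host.endswith("." + env_suffix)):
        return ("conflicts-with-environment-suffix", None)
    matches = [c for c in certs
               if any(cert_covers(n, host) for n in c["dns_names"])]
    if not matches:
        return ("no-certificate", None)
    best = max(matches, key=lambda c: c["not_after"])  # longest-lived match
    if best["not_after"] <= today:
        return ("expired", best["name"])
    if best["not_after"] - today <= EXPIRING_SOON:
        return ("expiring-soon", best["name"])
    return ("ok", best["name"])

# Constructed inventory and dates, for illustration only.
TODAY = date(2024, 1, 1)
CERTS = [
    {"name": "wild-example", "dns_names": ["*.example.com"],
     "not_after": date(2024, 2, 15)},
    {"name": "apex-example", "dns_names": ["example.com"],
     "not_after": date(2025, 1, 1)},
]

if __name__ == "__main__":
    for d in ["www.example.com", "example.com", "a.b.example.com",
              "api.apps.internal.test"]:
        print(d, audit_binding(d, CERTS, "apps.internal.test", TODAY))
```

The wildcard certificate in the sample covers `www.example.com` but neither the apex domain nor a two-level subdomain, so each of those needs its own matching certificate before the binding step.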
