Merge pull request #270321 from yutanglin16/patch-24

prmerger-automator[bot] · web-flow · commit 0f15ca822c9b · 2024-03-27T14:52:45.000Z
Add info on DNS Record verification regardless off cert SKU and root …
diff --git a/articles/app-service/configure-ssl-app-service-certificate.md b/articles/app-service/configure-ssl-app-service-certificate.md
@@ -98,7 +98,7 @@ The following domain verification methods are supported:
 | **App Service Verification** | The most convenient option when the domain is already mapped to an App Service app in the same subscription because the App Service app has already verified the domain ownership. Review the last step in [Confirm domain ownership](#confirm-domain-ownership). |
 | **Domain Verification** | Confirm an [App Service domain that you purchased from Azure](manage-custom-dns-buy-domain.md). Azure automatically adds the verification TXT record for you and completes the process. |
 | **Mail Verification** | Confirm the domain by sending an email to the domain administrator. Instructions are provided when you select the option. |
-| **Manual Verification** | Confirm the domain by using either a DNS TXT record or an HTML page, which applies only to **Standard** certificates per the following note.  The steps are provided after you select the option. The HTML page option doesn't work for web apps with "HTTPS Only' enabled. For subdomain verification, the domain verification token needs to be added to the root domain. |
+| **Manual Verification** | Confirm the domain by using either a DNS TXT record or an HTML page, which applies only to **Standard** certificates per the following note.  The steps are provided after you select the option. The HTML page option doesn't work for web apps with "HTTPS Only' enabled. For domain verification via DNS TXT record for either root domain (ie. "contoso.com") or subdomain (ie. "www.contoso.com", "test.api.contoso.com") and regardless of certificate SKU, you need to add a TXT record at the root domain level using '@' for the name and the domain verification token for the value in your DNS record. |
 
 > [!IMPORTANT]
 > With the **Standard** certificate, you get a certificate for the requested top-level domain *and* the `www` subdomain, for example, `contoso.com` and `www.contoso.com`. However, **App Service Verification** and **Manual Verification** both use HTML page verification, which doesn't support the `www` subdomain when issuing, rekeying, or renewing a certificate. For the **Standard** certificate, use **Domain Verification** and **Mail Verification** to include the `www` subdomain with the requested top-level domain in the certificate.
