articles/app-service/configure-ssl-certificate.md
Lines changed: 13 additions & 3 deletions
@@ -58,17 +58,27 @@ To secure a custom domain in a TLS binding, the certificate has additional requi
58
58
> [!NOTE]
59
59
> Before creating a free managed certificate, make sure you have [fulfilled the prerequisites](#prerequisites) for your app.
60
60
61
-
The free App Service managed certificate is a turn-key solution for securing your custom DNS name in App Service. It's a TLS/SSL server certificate that's fully managed by App Service and renewed continuously and automatically in six-month increments, 45 days before expiration. You create the certificate and bind it to a custom domain, and let App Service do the rest.
61
+
The free App Service managed certificate is a turn-key solution for securing your custom DNS name in App Service. It's a TLS/SSL server certificate that's fully managed by App Service and renewed continuously and automatically in six-month increments, 45 days before expiration, as long as the prerequisites set-up remain the same without any action required from you. All the associated bindings will be updated with the renewed certificate. You create the certificate and bind it to a custom domain, and let App Service do the rest.
62
62
63
63
The free certificate comes with the following limitations:
64
64
65
65
- Does not support wildcard certificates.
66
66
- Does not support usage as a client certificate by certificate thumbprint (removal of certificate thumbprint is planned).
67
+
- Does not support private DNS.
67
68
- Is not exportable.
68
-
- Is not supported on App Service not publicly accessible.
69
69
- Is not supported on App Service Environment (ASE).
70
+
- Only supports alphanumeric characters, dashes (-), and periods (.).
71
+
72
+
# [Apex domain](#tab/apex)
73
+
- Must have an A record pointing to your web app's IP address.
70
74
- Is not supported with root domains that are integrated with Traffic Manager.
71
-
- If a certificate is for a CNAME-mapped domain, the CNAME must be mapped directly to `<app-name>.azurewebsites.net`.
75
+
- All the above must be met for successful certificate issuances and renewals
76
+
77
+
# [Subdomain](#tab/subdomain)
78
+
- Must have CNAME mapped _directly_ to <app-name>.azurewebsites.net; using services that proxy the CNAME value will block certificate issuance and renewal
79
+
- All the above must be met for successful certificate issuance and renewals
80
+
81
+
-----
72
82
73
83
> [!NOTE]
74
84
> The free certificate is issued by DigiCert. For some domains, you must explicitly allow DigiCert as a certificate issuer by creating a [CAA domain record](https://wikipedia.org/wiki/DNS_Certification_Authority_Authorization) with the value: `0 issue digicert.com`.
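Review bot: In the added Subdomain tab bullet, <app-name>.azurewebsites.net has lost the backticks that the removed CNAME bullet had, so the angle-bracket placeholder can be parsed as an HTML tag and drop out of the rendered page; wrap it in backticks again. The removed limitation "Is not supported on App Service not publicly accessible" has no equivalent among the added lines ("Does not support private DNS" does not state the same condition), so either keep it or explain in the commit message why it no longer applies, since readers rely on this list to predict when issuance and renewal will fail. The added bullet "Only supports alphanumeric characters, dashes (-), and periods (.)" does not say what it constrains; name the subject (presumably the custom domain name). Smaller points: "as long as the prerequisites set-up remain the same" reads awkwardly, and the two closing bullets differ ("issuances" vs "issuance") and lack a final period.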