Fix title typo and improve code formatting in App Services Managed Certificates post

rdeveen · rdeveen · commit af4542abe5a1 · 2025-06-29T17:30:58.000+02:00
diff --git a/_posts/2023-10-31-App-Services-Managed-Certificates.md b/_posts/2023-10-31-App-Services-Managed-Certificates.md
@@ -1,15 +1,12 @@
 ---
-title: "Create a (free!) App Services Managed Managed Certificates with Bicep"
+title: "Create a (free!) App Services Managed Certificates with Bicep"
 date: 2023-10-30 00:00:00 +1000
 categories: Azure
 tags:
   - Azure
   - Bicep
 excerpt_separator: <!--more-->
 ---
-
-## Create a (free!) App Services Managed Certificate with Bicep
-
 An certificates in Azure App Services is bind to an host name, this can be an apex (or naked) domain (<https://robertdeveen.com>) or a subdomain (<https://www.robertdeveen.com> or <https://subdomain.robertdeveen.com>), or a combination of these two (for example one certificate for <https://robertdeveen.com> and <https://www.robertdeveen.com>).
 
 To create an App Services Managed Certificate there are two ways to create a certificate with Bicep. One for a apex domain and one for an subdomain. The validation of the ownership of the domain is the main difference. To generate a certificate the certificate authority would like to validate that the domain you try to get a certificate for is yours. That you are the owner of that (sub)domain name.
@@ -20,7 +17,7 @@ As a prerequisite you need to have an App Service Plan and an App Service or Fun
 
 ## Create a Host Name binding without a certificate
 
-```Bicep
+{% highlight bicep %}
 param customHostname string = 'www.robertdeveen.com'
 param webAppName string = 'robertdeveen'
 
@@ -35,8 +32,7 @@ resource hostNameBindingWithoutCertificate 'Microsoft.Web/sites/hostNameBindings
     sslState: 'Disabled'
   }
 }
-
-```
+{% endhighlight %}
 
 ## Create a App Services Managed Certificate for a subdomain
 
@@ -46,12 +42,11 @@ In the DNS Zone, create a CName record pointing to *.azurewebsite.net. This is n
 
 | Type | Record | Value |
 | --- | --- | --- |
-| CName | www.robertdeveen.nl | robertdeveen.azurewebsites.net |
+| CNAME | www.robertdeveen.com | robertdeveen.azurewebsites.net |
 
 ### Create a App Services Managed Certificate
 
-```Bicep
-
+{% highlight bicep %}
 param canonicalName string = 'www.robertdeveen.com'
 param appServicePlanName string = 'robertdeveen-plan'
 param location string = 'westeurope'
@@ -70,7 +65,7 @@ resource certificate 'Microsoft.Web/certificates@2022-03-01' = {
     canonicalName: canonicalName
   }
 }
-```
+{% endhighlight %}
 
 > Note: The documentation is not clear about the meaning of the `domainValidationMethod` field, it is a string. But the value that is accepted should be `cname-delegation` or `http-token`. Other values give the error message: **"The parameter Properties.DomainValidationMethod has an invalid value."**
 The value `cname-delegation` is the only one working these days. The value `http-token` is not working anymore and just waiting a long time to end. The best solution is to not add that field.
@@ -83,9 +78,9 @@ In the DNS Zone, create an A records pointing to the IP address of the webapp. T
 
 | Type | Record | Value |
 | --- | --- | --- |
-| A | robertdeveen.nl | IP-address-of-webapp |
+| A | robertdeveen.com | IP-address-of-webapp |
 
-```bicep
+{% highlight bicep %}
 param canonicalName string = 'robertdeveen.com'
 param location string = 'westeurope'
 
@@ -97,13 +92,13 @@ resource nakedCertificate 'Microsoft.Web/certificates@2022-09-01' = {
     canonicalName: canonicalName
   }
 }
-```
+{% endhighlight %}
 
 ## Create a App Services Managed Certificate for an apex and subdomain
 
 **THIS DOESN'T WORK!** The documentation is not clear about this, but it is not possible to create a certificate for an apex and subdomain at the same time. You need to create two certificates, one for the apex and one for the subdomain.
 
-```bicep
+{% highlight bicep %}
 // param canonicalName string = 'robertdeveen.com'
 // param hostNames = [ 'www.robertdeveen.com', 'robertdeveen.com' ]
 // param location string = 'westeurope'
@@ -117,13 +112,13 @@ resource nakedCertificate 'Microsoft.Web/certificates@2022-09-01' = {
 //     canonicalName: canonicalName
 //   }
 // }
-```
+{% endhighlight %}
 
 ## Bind certificate to the host name
 
 We need to use a module to enable the certificate on the host name, as Bicep/ARM forbids using resource with this same type-name combination twice in one deployment.
 
-```Bicep
+{% highlight bicep %}
 module hostnameBindingWithCertificate './modules/hostname-binding.Bicep' = {
   name: '${customHostname}-hostnamebinding'
   params: {
@@ -132,11 +127,11 @@ module hostnameBindingWithCertificate './modules/hostname-binding.Bicep' = {
     webAppName: webAppName
   }
 }
-```
+{% endhighlight %}
 
 ### `./module/hostname-binding.Bicep`
 
-```Bicep
+{% highlight bicep %}
 resource hostNameBindingWithCertificate 'Microsoft.Web/sites/hostNameBindings@2022-03-01' = {
   name: '${webAppName}/${customHostname}'
   properties: {
@@ -145,4 +140,4 @@ resource hostNameBindingWithCertificate 'Microsoft.Web/sites/hostNameBindings@20
     thumbprint: certificateThumbprint
   }
 }
-```
+{% endhighlight %}
