You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: support/azure/app-service/troubleshoot-azure-app-service-certificates.md
+5-6Lines changed: 5 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -87,7 +87,7 @@ Domain **ownership verification** is important because Azure doesn't issue or re
87
87
88
88
**For Azure portal**
89
89
90
-
1. On the App Service certificate's page, go to **Certificate Configuration** > **Step 2: Verify**. Check whether **Certificate is Domain Verified** is selected. If it's not, you must complete the verification.
90
+
1. On the App Service Certificate page, go to **Certificate Configuration** > **Step 2: Verify**. Check whether **Certificate is Domain Verified** is selected. If it's not, you must complete the verification.
91
91
92
92
- If your custom domain is already mapped to an App Service in the same subscription, select **App Service Verification**, and then select
93
93
**Verify**. Azure automatically verifies the certificate by using the existing custom domain binding.
@@ -133,12 +133,12 @@ out-of-band method to verify.
133
133
records and the required TXT record for root domains) are correct.
134
134
135
135
- If you used the TXT record method, verify that the record is at the
136
-
correct DNS zone. (The TXT record should be created on the root domain,
137
-
with the "@" record in the DNS zone).
136
+
correct DNS zone. The TXT record should be created on the root domain and not a subdomain.
137
+
Use the *@* record in the DNS zone).
138
138
139
139
- If you use App Service verification, your app might be blocking the
140
140
verification HTTP request. This condition might occur if Azure tries an HTTP GET to
141
-
*http://yourdomain/.well-known/pki-validation/godaddy.html*. For example, a customer has a custom module on their site that generates an "HTTP 500" error and causes verification to fail. In these cases, use an alternative verification method (DNS TXT or email) to complete the process.
141
+
*http://yourdomain/.well-known/pki-validation/godaddy.html*. For example, a customer has a custom module on their site that generates an "HTTP 500" error and causes verification to fail. In these cases, use an alternative verification method (DNS TXT or email) to complete the process.
142
142
143
143
- For renewals, if more than 13 months (395 days) passed since the
144
144
last verification, you must verify the domain again. Azure keeps a
@@ -335,8 +335,7 @@ error:
335
335
default Azure certificate might appear if you use the
336
336
*\*.azurewebsites.net* domain that has a custom domain requirement.
337
337
338
-
- Because DNS caching can direct you to an old IP, clear the DNS cache if you recently changed a record (in Windows, run
339
-
`ipconfig/flushdns`).
338
+
- Because DNS caching can direct you to an old IP, clear the DNS cache if you recently changed a record (in Windows, you can clear the DNS cache by running `ipconfig/flushdns`).
340
339
341
340
- If a wrong certificate appears in the custom domain, it might
342
341
indicate the mixed SNI and IP bindings scenario that was previously discussed.
0 commit comments