5

I have an Azure App Service Plan shared by two App Services. For the first (www.rachel-lumsden.net) I have added an "App Service Managed Certificate". This has enabled secure requests to the site.

I've tried to configure the second app service (www.stratus-integration.com) in the same way but I get an error message that "Hostname not eligible".

Can anyone see where I've gone wrong please?

enter image description here

enter image description here

enter image description here

tr0users
  • 413
  • 3
  • 11
  • 16

2 Answers2

4

App Service Managed Certificates can only be used with URL's that are setup as DNS CNAME records. "www.stratus-integration.com" has been setup as an A record, not CNAME. You will need to delete the A record and create a CNAME record pointing to the app service DNS name.

Sam Cogan
  • 38,736
  • 6
  • 78
  • 114
  • Thanks for your answer Sam. My domain registrar is 123-reg.co.uk. I've updated so that it uses dns from cloudflare.com. Within the cloudflare control panel, I now have CNAME entries for www and stratus-integration.com pointing at stratus-integration.azurewebsites.net (I've added a screen grab into question to illustrate) – tr0users Dec 30 '19 at 07:18
  • I'm afraid I still get the same error when attempting to add the Azure managed service certificate, perhaps I need to wait for the CNAME record to propagate? – tr0users Dec 30 '19 at 07:25
  • 2
    The issue is because you are using cloudflare. Whilst you may have setup CName records in Cloudflare, because you are proxying them, Cloudflare is only presenting A records. You need to use non proxied records. https://mxtoolbox.com/SuperTool.aspx?action=a%3awww.stratus-integration.com&run=toolpage – Sam Cogan Jan 01 '20 at 22:21
  • 1
    Thank you so much Sam. With your answer I was able to work around the problem by updating my domain (from the 123-reg.co.uk control panel) to point at the 123-reg dns servers. These had a cname record. When I returned to the Azure setup page I had a green tick, so was able to create a cert and add the ssl binding for the site. – tr0users Jan 02 '20 at 19:19
  • 2
    I was having this same issue and, in case it helps anyone else, i just clicked the orange cloud next to the CNAME entry in cloudflare in order to make it grey and "dns only" and instantly the error went away and i was able to create a free "App Service Managed Certificate". – user1063287 Sep 05 '20 at 12:15
  • A records for apex domains just came out in preview: https://azure.github.io/AppService/2021/03/02/asmc-apex-domain.html – Bradley Grainger Mar 04 '21 at 16:55
  • I'm getting the same error but it says I need to add the A record, but it already exists. – Mahmudul Hasan May 27 '21 at 19:08
  • @MahmudulHasan I would suggest you start your own question with all the details of what you have done so far – Sam Cogan Jun 01 '21 at 09:07
1

To add. Whilst you may have a CNAME record, this will be flattened to an A-Record. For the validation to pass you must set Cloudflare only to flatten the root domain.

Flatten CName Records

Glorfindel
  • 1,213
  • 4
  • 15
  • 22
James Hutchison
  • 11
  • 1