Add naked domain support to App Service Managed Certificates
Currently naked domains are not supported when creating App Service Managed Certificates. I want to be able to create a free SSL certificate on a naked/apex domain.
Thank you for the feedback. We are investigating this feature request and I will update this status as we make progress.
Just read the other comments and can't believe how slow the Azure team are on making progress on this issue. just looking at the Admin last comment dated Feb 12 - nearly 5 months ago....there should be a daily update on this or weekly at the worst.
Why has this not been done years ago?
Other sites provide auto imports from Lets Encrypt.
no wonder the likes of godaddy are hosting most of the naked domains.
Amir Nazem commented
I've created ANAME(DNS flattening) for our naked domain and pointed it to our frontdoor but it doesn't work! very cheap web hosting provider had this feature. is there an ETA on when this would be available?
Mike Mason commented
Definitely needed done yesterday
Lars Kemmann commented
+1, this needs to be done yesterday. :)
Let's get this done already! Next sprint!
Greg Babl commented
Progress? This is a no brainer.
This would be absolutely perfect. Even though I want to use www., I still need a redirect from naked domain, but that is not easily possible now. I used Nakedssl for now, but having this out of the box would be brilliant.
Sven Wasmer commented
I‘m trying to deploy a web CMS on an Appservice. The managed certificate would make sense, but I couldn’t redirect naked domain to www, yet.
So either you pay for a naked domain certificate or you use some weird Let‘s encrypt in a docker container setup.
I would prefer if Azure would support let‘s encrypt by default.
Do you need help implementing this? I'll work for free just to help you get it done.
Any news on this ?
It turns out its actually possible:
For everyone interested (and probably azure to know) you actually can create a managed certificate for an apex domain and I stumbled across this because I am an idiot :-p.
It turns out that our DNS provider [namecheap] does 'cname flattening'? (I think?) and had allowed me to create cname values for my apex domain by basically setting something like this
[mydomain.azurewebsites.net, @, CNAME]
[mydomain.azurewebsites.net, www, CNAME]
and resolve like this
Which in turn actually allowed me to create managed certificates for the apex domain. It wasn't until I started trying to migrate domains with other dns providers (ironically azure) that I ran into this issue.
It seems completely useless to have this functionality without supporting naked domains.
thomas woelfer commented
Still no progress?
John Marsh commented
I don't understand the logic for not allowing naked domains? Please, please add this feature.
Please add this option, as for now the functionality lacks usability.
It would be highly appreciated!
thomas woelfer commented
I'm currently using mostly managed certs, but letsencrypt certs for naked domains. However, letsencrypt will no longer accept ACMEv1 connections in june. Thus, i have either to re-learn how to apply lets encrypt from some of my properties, or you guys are ready with your naked domain support.
if you prefer to have happy customers, i'd think you'd know what to do.
App Service Managed Certificates is an amazing new feature for Azure, but is hampered by lacking naked domain support for the reasons described in other comments.
Please add support for naked domains ASAP, and wrap up this great Azure feature properly. It's the only thing holding us back from getting rid of Let's Encrypt.
Ali Reaziat commented
The most basic certificate you can get covers www and naked domain. That's for a reason! It amazes me that Azure didn't consider this as the most basic need for anyone who might consider using App Service Managed Certificates. This is a great initiative, but so far useless. It's like building a two story house without the staircase! The bedrooms are up there, but there is no way to get up there!!
I really hope this gets addressed fast, as it will pave the way to much better SaaS deployment on Azure.
As others have said, since this feature does not support naked domains yet, I'm forced to run both Let's Encrypt extension and this. This is more stable and longer valid certificates, so would like to use it, but need naked domain support or it will never be a viable option.
Lajos Marton commented
@Ty Cahill do you seriously believe in marketing bullshits? :D This "feature request" (I think this is not a feature request, but a bug fix for original almost useless implementation) is in under review state, so in a few years it will be solved by Azure devs.