Azure Create App Service Managed Certificates - runs for ours and then fails

Question

I want to create a free certificate by "Create App Service Managed Certificates" for an App Service. It works for all my websites except one. The differnce between the problem domain and the other domains is that we used a paid certificate for this domain in the past - also generated by Azure.

I also deleted and recreated App Service - no luck.

Activity log says:

10:11 Accepted - Add or Update Certificate

10:11 Started - Add or Update Certificate

12:27 Failed - Add or Update Certificate (it failed after two hours)

ErrorCode: ResourceOperationFailure

Message: The resource operation completed with terminal provisioning state 'Failed'.

EDIT:

I found the Deployment error message: "The subscription is not registered with Azure Key Vault."

Answer 1

Apologies for the delay on this, Lopuch.

Kindly check the complete/exact error message that you received to isolate issue.

Typically, you could receive an error something like:

'code': 'DeploymentFailed', 'message': 'At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.', 'details': [ { 'code': 'BadRequest', 'message': 'Pending managed certificate failed: Certificate creation was rejected by CA for canonical name “Your domain name”: The domain or certificate request triggered a risky domain check.

The free App Service Managed Certificate (ASMC) comes with the following limitations, kindly review or validate for your domain:

• Does not support wildcard certificates.

• Does not support usage as a client certificate by using certificate thumbprint.

• Does not support private DNS.

• Only supports alphanumeric characters, dashes (-), and periods (.).

Also note that the free certificate is issued by DigiCert. For some top-level domains, you must explicitly allow DigiCert as a certificate issuer by creating a CAA domain record with the value: 0 issue digicert.com.