I tried to generate an Azure App Service Managed Certificate for a new Azure App Service that I set up.

When I run the command to generate the Azure App Service Managed Certificate:

az webapp config ssl create --resource-group MyResourceGroup --name MyAppService --hostname www.mywebsite.com

I get the error below:

Bad Request({"Code":"BadRequest","Message":"Pending managed certificate failed: Certificate creation was rejected by CA for canonical name auth.uat.8451.audigent.com: The domain or certificate request triggered a risky domain check. Please contact Azure for assistance for this request. If retrying does not help, please contact support for assistance. Refer to the documentations for more info: https://go.microsoft.com/fwlink/?linkid=2158627."

I have tried twice to re-run the certification generation command, the error still persists.

CodePudding user response：

Here's how I fixed it:

Just take a break of about 1 to 2 minutes and retry the Azure App Service Managed Certificate command:

az webapp config ssl create --resource-group MyResourceGroup --name MyAppService --hostname www.mywebsite.com

It should work fine now.

If it still persists though, then contact Azure support for assistance. Refer to the documentations for more info: https://go.microsoft.com/fwlink/?linkid=2158627."

CodePudding user response：

Glad to know that the issue is resolved. Thanks for the update, @Promise Preston

The App Service Managed certificate is a free certificate is issued by DigiCert. For some domains, you must explicitly allow DigiCert as a certificate issuer by creating a CAA domain record with the value: 0 issue digicert.com.. I have seen cases where by completing the above the error goes away.

For more details on App Service Managed certificate, please see these docs: Prerequisites and Limitations