If you want free SSL certficiate for your App Service - App Service Managed Certificate is finally here. Secure custom domains for your web apps with App Service Managed Certificates.

Let's first talk about limitaions

Requirements & Limitations

  • Currently in Preview (might have some bugs, although no bugs reported yet)
  • Only works for sub-domains. Naked (Apex) domains are not supported for now

Naked domains not supported

  • Can only be provisioned if an active CNAME is directly pointed to your webappname.azurewebsites domain (Live migrate DNS with awverify will not work)

hostname eligible for Managed App Service Certificate

  • Needs existing "Custom Domain" entry for the domain
  • Requires Basic or above App Service plan
  • Cannot be exported
  • Cannot be wilcard (*.domain.com)
Add a comment

If you want to change the DNS in Azure App Service Web App, this article will show you how. First, let's say that by default App Service is using Azure DNS servers for name resolution.

They are invisible to us in the PaaS environment and we can't really influence them in any way. So if we want any custom DNS scenarios, we have a way of changing this "Default" DNS Server.

Azure DNS

Ok, let's move on to actually changing the DNS Server.

Add a comment

Azure App Service Certificate is a SSL certificate purchased from Azure. It comes with many benefits and easy integrations with other Azure resources. The certificates are issued by GoDaddy's Certificate API in partnership with Azure.

You will see ASC be used a lot for substitute for App Service Certificate in this article

App Service Certificate

Table of Contents

Add a comment

Apart from securing your web apps there is another reason why you would use applicatoin gateway (WAF tier) in an ILB ASE. You can expose your web app to the internet. 

This is direct followup from the previous article about creating the ILB ASE itself - https://www.azuretechguy.com/ilb-ase-new

To integrate our ILB ASE with an WAF tier App Gateway we will be following this guide loosely because it is kind of old and screenshots are no longer relevant (as of now) but it gives good insight on how to achieve this

Table of Contents:


  • ILB ASE with at least 1 App Service plan and 1 Web App
  • Public Internet domain and access to its DNS
Add a comment