Not able to create any managed SSL certificate in managed app hosted on Linux

Tarek Alhamad 25 Reputation points
2025-08-30T09:20:57.27+00:00

Hi
I have a problem: I am not able to create any SSL certificate on my managed App Service plan hosted on Linux, Premium v3 P1mv3 (Change). I have one domain, the main site, for which the certificate was generated successfully, but when I try to add any of the subdomains such as www.*, the certificate takes a long time during creation and eventually fails with the error code
"Create Managed Certificate | Failed | Pending certificate expired." Can you please support? I tried everything, including purchasing an Azure support plan to contact support, and still I cannot do that.

TimeStamp 8/29/2025 11:07:24 PM
Certificate Name portal.***.com
Cause Create free cert failed
Recommended Action Please try again
Azure Managed Applications
An Azure service that enables managed service providers, independent software vendors, and enterprise IT teams to deliver turnkey solutions through the Azure Marketplace or service catalog.

Accepted answer
  1. Suwarna S Kale 4,421 Reputation points
    2025-08-30T12:35:09.41+00:00

    Hello Tarek Alhamad,

    Thank you for posting your question in the Microsoft Q&A forum. 

    This recurring failure during the creation of a managed certificate for your subdomain, specifically the "Pending certificate expired" error, typically indicates a problem with the domain validation process managed by Azure's certificate authority (CA), Let's Encrypt. The issue often stems from DNS configuration or validation challenges that prevent the CA from successfully verifying your domain ownership before the temporary validation token expires. 

    Firstly, ensure that your subdomain (e.g., www) has a correct CNAME record pointing to your Azure App Service. The record must be properly propagated and resolvable globally, as Let's Encrypt’s validation servers might fail to resolve it due to delays or misconfigurations. Additionally, if your domain uses any DNSSEC, ensure it is correctly configured, as validation failures there can also disrupt the process. 

    Secondly, review your App Service configuration to confirm that the subdomain is explicitly listed as a custom domain within your App Service settings. Azure requires the domain to be bound to the App Service before it can issue a certificate, and any discrepancy here can cause the validation to hang and eventually time out. 

    If these steps do not resolve the issue, consider creating the certificate manually using a different CA, such as via App Service Certificates (which integrates with Key Vault) or a third-party certificate imported into Azure. This bypasses the automated validation challenges while still securing your subdomain. Given you have a support plan, escalate the case with Azure support, providing detailed logs and DNS configurations, as they can investigate backend validation attempts and identify specific failures. 

     

    Please, let me know the response helps answer your question? If the above answer helped, please do not forget to "Accept Answer" as this may help other community members to refer the info if facing a similar issue. 🙂 
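
Added example (not part of the original answer and not Microsoft tooling): an offline pre-flight check for the two conditions the accepted answer describes, namely that the subdomain's CNAME chain ends at the app's default hostname and that the subdomain is bound as a custom domain. The hostnames, the `contoso-app.azurewebsites.net` default hostname, the record table and the binding list are all constructed sample data.

```python
"""Pre-flight check before requesting a managed certificate (added example)."""

# Constructed sample data: every hostname, record and binding is a placeholder.
SAMPLE_DNS = {
    "www.example.com": ("CNAME", "Portal.Example.com."),
    "portal.example.com": ("CNAME", "contoso-app.azurewebsites.net."),
    "shop.example.com": ("CNAME", "old-host.example.net"),
    "loop.example.com": ("CNAME", "loop2.example.com"),
    "loop2.example.com": ("CNAME", "loop.example.com"),
}
SAMPLE_BINDINGS = {"portal.example.com", "shop.example.com", "loop.example.com"}


def norm(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.strip().rstrip(".").lower()


def resolve_cname_chain(host, records, max_hops=8):
    """Follow CNAMEs from host; return (final_name, chain, error)."""
    zone = {norm(k): (t, norm(v)) for k, (t, v) in records.items()}
    chain, current = [norm(host)], norm(host)
    for _ in range(max_hops):
        rtype, target = zone.get(current, (None, None))
        if rtype != "CNAME":
            return current, chain, None  # end of the chain reached
        if target in chain:
            return current, chain, "CNAME loop"
        chain.append(target)
        current = target
    return current, chain, "CNAME chain too long"


def preflight(host, app_default_host, records, bindings):
    """Return a list of problems; an empty list means both checks passed."""
    problems = []
    final, chain, err = resolve_cname_chain(host, records)
    if err:
        problems.append(f"{err}: {' -> '.join(chain)}")
    elif len(chain) == 1:
        problems.append(f"no CNAME record found for {norm(host)}")
    elif final != norm(app_default_host):
        problems.append(f"CNAME resolves to {final}, not {norm(app_default_host)}")
    # The hostname must also be bound to the app before a certificate is issued.
    if norm(host) not in {norm(b) for b in bindings}:
        problems.append(f"{norm(host)} is not bound as a custom domain on the app")
    return problems
```

In real use the record table would be filled from a live DNS query against a public resolver and the binding set from the app's custom domain list.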


1 additional answer

  1. Tarek Alhamad 25 Reputation points
    2025-08-31T22:29:18.2533333+00:00

    My guess is it was only a hidden limit that Microsoft enforces on the number of certificates a subscription can have. In my case, I had a Windows app plan with 5 certificates. I decided to switch to a Linux machine and used the same URLs and same DNS configuration for the same apps and kept trying for two days and nothing happened. Only when I opened the support ticket and started typing here and on Twitter, suddenly everything started working smoothly. So it could be that or it could be delays or an intermediate bug, I can’t really tell.
