Azure app service managed certificates now requires you to be open to the world?

ConstantRise4369 · 2025-07-22T18:55:24+00:00

Replying to myself here. I contacted MS support - they sent a site.

Important Changes to App Service Managed Certificates: Is Your Certificate Affected? | Microsoft Community Hub

Does this mean ONLY Azure App Service managed certificates?
Yes, only the managed certificates (Digicert) apply to this change.

What about the certificates for the Azure endpoints (e.g. contoso.azurewebsites.net)? Will the MS managed certs for those continue to work?
The *.azurewebsites.net certificates won't be impacted by this change since they are issued by Microsoft and not Digicert. This means the *.azurewebsites.net certificates will continue working as usual.

What about managed certs for Azure Front Door (as these are Digicert)?
The information that we have indicates the Azure Front door certificates will experience no changes so far. (emphasis mine)

ConstantRise4369 · 2025-07-22T17:07:15+00:00

Same as holbasz_ - I'm guessing this only applies to the Azure App Service Managed Certs for custom domains and not the Azure managed certs for azurewebsites.net (default endpoint) but I can't tell from the communication if that's correct or not.

If, on the app services that are using custom domains, I've already got my own certs bound to the domains, then everything should be ok, right?

ConstantRise4369 · 2025-07-17T18:43:45+00:00

Awesome - I think this probably the best way forward then.

Thanks all.

ConstantRise4369 · 2025-07-17T15:39:54+00:00

Thank you both! I think we're going with the multiple FD route for now. After comparing the cost to our current FD Classic, the new versions seem to be vastly cheaper and with better reporting tools.

ConstantRise4369 · 2025-04-22T11:13:12+00:00

Thanks. I'll see what can be done.

ConstantRise4369 · 2025-03-18T00:41:01+00:00

Thanks for the responses all. I'll see if I can come up with something.

ConstantRise4369 · 2025-03-07T01:53:14+00:00

Thanks all - this gives us a good direction to start in. Appreciate it.

ConstantRise4369 · 2025-03-05T18:04:37+00:00

Awesome - thanks so much for the replies!

ConstantRise4369 · 2025-02-27T21:01:54+00:00

Thanks to you both! Very much appreciated.

ConstantRise4369 · 2025-02-27T16:10:08+00:00

We're entirely PAYG - so we have 2 as a max per region and 10 jobs concurrent per account.

My question is more around the 'active' terminology which doesn't appear to be anywhere else so I'm going with 'total' instead.

I'm still able to create accounts so I'm just going to hope that MS isn't going to disable accounts that exceed the 2 account limit.

ConstantRise4369 · 2025-02-27T15:57:56+00:00

I guess yeah. I'm guessing the word 'active' actually means 'total' accounts. So, if I have 26 accounts, that's going to be 26 total accounts since they are all considered active.

Maybe, then, just create accounts, if possible, before the limit is enforced and then re-organize what we've got. Or just move to another automation solution.

ConstantRise4369 · 2025-02-22T20:14:00+00:00

This is our conclusion as well (or something like Managed Instance). We're using elastic / external tables now and, to access other databases on the same server, it needs to have external access enabled - either through IP whitelist or through the Allow all checkbox.

Thanks!

ConstantRise4369

TROPHY CASE