Microsoft Learn

Tutorial: Configure a custom domain and SSL certificate in Azure App Service

This tutorial shows you how to map a custom domain to your Azure App Service app and secure it with an SSL/TLS certificate. Mapping a custom domain is a common requirement for production apps, and securing it with an SSL/TLS certificate ensures your users' data is encrypted in transit.

Prerequisites

Step 1: Map Your Custom Domain to App Service

Before you can configure SSL, you need to prove ownership of your custom domain by mapping it to your App Service app.

1. Add a Custom Domain Record

In your DNS provider's management portal, create a CNAME record for your subdomain (e.g., www) pointing to your App Service app's default domain name (e.g., your-app-name.azurewebsites.net).

For a root domain (e.g., yourdomain.com), you'll typically create an A record pointing to the IP address of your App Service app and a TXT record for verification. You can find the IP address and the required TXT record value in the Azure portal.

Example CNAME record:

Type: CNAME
Name: www
Value: your-app-name.azurewebsites.net

Example A record (for root domain):

Type: A
Name: @
Value: [App Service IP Address]

Example TXT record (for root domain verification):

Type: TXT
Name: @
Value: [Verification ID from Azure Portal]

2. Validate and Add Domain in Azure Portal

Navigate to your App Service app in the Azure portal. In the left-hand menu, select Custom domains.

Click Add custom domain.

Enter your custom domain name (e.g., www.yourdomain.com) and click Validate.

If the DNS records are set up correctly, Azure will validate your domain. Click Add custom domain again to add it to your app.

DNS propagation can take some time (up to 48 hours, though usually much faster). If validation fails, wait a while and try again.

Step 2: Secure Your Custom Domain with an SSL Certificate

Once your custom domain is mapped, you can secure it. You have two main options:

Option A: Upload Your Own SSL Certificate

1. Prepare Your Certificate

Ensure your SSL certificate is in .pfx format and includes the private key.

2. Upload the Certificate

In the Azure portal, navigate to your App Service app, and select TLS/SSL settings from the left-hand menu.

Go to the Private Key Certificates (.pfx) tab.

Click Upload Certificate. Browse for your .pfx file, enter your certificate password, and click Upload.

3. Bind the Certificate to Your Custom Domain

Still in TLS/SSL settings, go to the Custom domains tab.

Find your custom domain in the list and click the Add binding link next to it.

In the "Add TLS/SSL Binding" pane:

  • Select your custom domain.
  • Select the certificate you just uploaded from the "Private Certificate Thumbprint" dropdown.
  • Choose the TLS/SSL Type (e.g., SNI SSL is common and usually sufficient).

Click Add Binding.

Option B: Create a Free App Service Managed Certificate

1. Navigate to TLS/SSL Settings

In the Azure portal, navigate to your App Service app, and select TLS/SSL settings from the left-hand menu.

Go to the Private Key Certificates (.pfx) tab.

Click Create App Service Managed Certificate.

2. Select Domain and Create

Choose your custom domain from the dropdown list.

Click Create.

Azure will automatically provision, manage, and renew the certificate for you.

3. Bind the Certificate

After the managed certificate is created (this may take a few minutes), go back to the Custom domains tab within TLS/SSL settings.

Click Add binding for your custom domain.

Select your custom domain, choose the newly created App Service Managed Certificate from the "Private Certificate Thumbprint" dropdown, select SNI SSL as the TLS/SSL Type, and click Add Binding.

App Service Managed Certificates are free and automatically renew. They are ideal for most use cases. You can only create one managed certificate per custom domain.

Step 3: Enforce HTTPS

To ensure all traffic to your custom domain is secure, enforce HTTPS.

1. Enable HTTPS Only

In the Azure portal, navigate to your App Service app and select TLS/SSL settings.

In the Bindings section (or on the Custom domains tab), find the HTTPS Only toggle.

Set HTTPS Only to On.

Your custom domain is now configured, secured with an SSL certificate, and all traffic is being redirected to HTTPS. You can test this by navigating to https://yourdomain.com in your browser.
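The browser test above can also be scripted. The following is an added example, not code from the original tutorial or from Microsoft: it checks that the served certificate lists the custom domain, is not close to expiry, and that plain HTTP is redirected to HTTPS. The function names, the 14-day threshold and the sample certificate are assumptions made for illustration.

```python
import http.client
import socket
import ssl
import time
from urllib.parse import urlsplit

def san_matches(cert, hostname):
    """True if a DNS subjectAltName in a getpeercert() dict covers hostname."""
    host = hostname.lower().rstrip(".")
    # A wildcard entry (*.yourdomain.com) covers exactly one leftmost label.
    parent = host.split(".", 1)[1] if "." in host else ""
    for kind, name in cert.get("subjectAltName", ()):
        name = name.lower()
        if kind == "DNS" and (name == host or (name.startswith("*.") and name[2:] == parent)):
            return True
    return False

def days_until_expiry(cert, now=None):
    """Whole days between now (epoch seconds) and the certificate's notAfter."""
    return int((ssl.cert_time_to_seconds(cert["notAfter"]) - (now or time.time())) // 86400)

def redirects_to_https(status, location, hostname):
    """True if a plain-HTTP response redirects to https:// on the same host."""
    if status not in (301, 302, 307, 308) or not location:
        return False
    target = urlsplit(location)
    return target.scheme == "https" and (target.hostname or "").lower() == hostname.lower()

def check_live(hostname, min_days=14, timeout=10):
    """Connect to the site; return a list of problems (empty means all passed)."""
    problems = []
    ctx = ssl.create_default_context()  # handshake raises if chain or name is invalid
    with socket.create_connection((hostname, 443), timeout=timeout) as sock, \
            ctx.wrap_socket(sock, server_hostname=hostname) as tls:
        cert = tls.getpeercert()
    if not san_matches(cert, hostname):
        problems.append("certificate does not list " + hostname)
    if days_until_expiry(cert) < min_days:
        problems.append("certificate expires in under %d days" % min_days)
    conn = http.client.HTTPConnection(hostname, 80, timeout=timeout)
    conn.request("GET", "/")
    resp = conn.getresponse()
    if not redirects_to_https(resp.status, resp.getheader("Location"), hostname):
        problems.append("HTTP is not redirected to HTTPS (is HTTPS Only set to On?)")
    conn.close()
    return problems

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {"subjectAltName": (("DNS", "www.yourdomain.com"),),
               "notAfter": "Jun  1 12:00:00 2030 GMT"}
```

Call check_live("www.yourdomain.com") once DNS has propagated; an empty list means every check passed, and a certificate that fails validation surfaces as an ssl.SSLCertVerificationError from the handshake.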

For more advanced scenarios, such as using your own wildcard certificates or certificates with enhanced validation, refer to the official Azure App Service documentation.