Custom Domain and HTTPS for Azure Web App

When you create an Azure Web app, you are given an Azure website URL like mine, in this post I will

  • Use my custom domain instead of
  • Buy an SSL certificate so my site URL can use HTTPS instead of HTTP

Custom Domain

To map a custom domain the App Service you chose cannot be in the Free tier, in my last post Set up Fanray on Azure App Service I chose the Basic tier. 

Start by first find your site IP address. Go to Azure Portal > your App Service > Settings > Custom domains.

Custom domain



Mapping a custom domain basically requires you to create 3 DNS records at your domain registrar,

  • an A record, where A stands for Address, it deals with IP address and there should be one maps your root domain to your site IP
  • another A record maps all subdomains to your IP or a CNAME record, where C stands for Canonical, it’s used as an alias often pointing the www subdomain to root domain
  • a TXT record commonly used for verification purpose, App Service uses this record only at configuration time, to verify that you own the custom domain

After all three records have been created at my registrar, my DNS looks like this,

DNS records


Go back to Azure Portal, Custom domains, click on Add hostname, enter and validate both and


HTTPS is important not only because of security but also because Google prefers HTTPS as a ranking signal.

Buy an SSL Certificate on Azure

You can buy an SSL certificate directly on Azure for $69.99/yr Standard or $299.99/yr Wild Card.  Both covers only a single domain, the Standard will cover both the root domain and www subdomain, while the Wild Card can give you other subdomains, say you want

If you need a certificate that covers multiple domains, currently you have to buy it else where, one option would be Digicert’s Multi-Domain (SAN) Certificates. Then you would need to manually upload the certificate to Azure.

Also be aware if you buy the certificate on Azure and you are using a subscription, your purchase will be charged towards your monthly credit. And if your credit is less than the cost of the certificate, it will cause your subscription to be disabled.

To buy it on Azure, go to to get started.

Store Cert in Azure Key Vault

It takes a few minutes for the purchase to complete, then it will open the App Service Certificate blade for you. Go to Certificate Configuration and click on Step 1 to store this certificate in Key Vault. During this process, you can choose an existing Key Vault or create a new one. The Standard cost is $0.03/mo.

Certificate Configuration


Verify Domain Ownership

Click on Step 2: Verify

If you bought your domain with Azure you can simply click on verify, otherwise you can verify through an email you receive.  The email contains a link clicking on which will take a you to GoDaddy and ask you to approve the certificate. Step 2 will take 5 to 10 minutes to complete on its own.  After this completes you will see step 1 to 3 all check marked.

Domain Access Approval


Import Certificate and Create Binding

Finally assign the certificate to your app, go to App Service > SSL certificates > click on Import App Service Certificate

Import App Service Certificate


After that add bindings to both root and subdomain, and

SSL Bindings


Turn on HTTPS Only

Finally go back to your App Service > Settings > Custom domains, and turn on the HTTPS Only option, this will redirect all HTTP traffic to HTTPS.

Turn HTTPS Only to On


Additional Resources


Thus far I have launched the site live and gotten my custom domain and https working.  But there is an issue, the website can be accessed from both the root domain and the subdomain, for SEO purpose I will want to set up Preferred Domain and URL Redirect.