unable to validate a domain

Łukasz Awsiukiewicz 0 Reputation points
2024-12-14T18:57:39.6533333+00:00

I have added a static web app. All works with the Azure-generated domain. I have a custom domain hosted outside Azure where I need to manually create records. Based on the documentation I should create either a CNAME or a TXT record for my custom domain, which I did. I'm able to do nslookup from Cloud Shell and get the proper TXT record for the domain provided in the custom domain, however Azure is stuck in the validation process. The wheel keeps spinning and I never complete validation. It takes 48 hrs with no results.
I have tried with CNAME and TXT records. I have tried to add TXT for:
_dnsauth.<my domain> and it does not work for the Azure validator.

It's even worse with CNAME validation. I add the CNAME record, in the adding window it says validated and I can click OK, but once it navigates back to custom domains it shows "An unknown error has occurred while adding your custom domain. Please try again later.".

Nothing works. Any suggestions?

Azure Static Web Apps

1 answer

  1. Gabriel Santana 175 Reputation points
    2024-12-15T22:03:00.8633333+00:00

    Hello! Welcome to the Microsoft Q&A Community!

    TL;DR: Allow DigiCert to issue a certificate by adding a CAA record for the top domain (@) with the value 0 issue "digicert.com".

    Explanation:

    In Azure, when you're adding a custom domain to your Static Web App, DigiCert is the certificate authority used to issue SSL certificates. If you're encountering errors during validation, it might be because DigiCert is unable to issue the certificate due to a missing CAA (Certification Authority Authorization) record for your domain. Refer to this Microsoft Docs

    To resolve this, you can add a CAA record for your domain in your DNS settings. The CAA record will explicitly authorize DigiCert to issue SSL certificates for your domain, which is required by Azure Static Web Apps for domain validation.

    Here's how you can do it:

    1. Go to your DNS provider (the one hosting your custom domain).
    2. Create a new CAA record for the top-level domain (e.g., yourdomain.com).
    3. Set the value of the CAA record to: 0 issue "digicert.com". This record will allow DigiCert to issue SSL certificates for your domain.
    4. After adding the CAA record, wait for DNS propagation, which may take up to 24 hours (sometimes less).

    Once the CAA record is in place, Azure should be able to complete the validation and issue the SSL certificate for your custom domain.

    If you're still facing issues after this, you may want to verify the propagation status of your DNS records or check for any other DNS misconfigurations.

    If this answer was helpful, please click "Accept Answer" or "Upvote" to help others in the Microsoft Q&A community!
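An added example, not part of the answer above and not Microsoft's or DigiCert's code: a small model of how a CA evaluates CAA records under RFC 8659, showing when a record such as 0 issue "digicert.com" changes the outcome. The zone data, example.com and the function names are constructed for illustration, and only the issue property for non-wildcard names is modeled.

```python
"""CAA evaluation per RFC 8659 over constructed zone data (no DNS lookups)."""

# Constructed sample: CAA RRsets keyed by owner name; example.com is a placeholder.
SAMPLE_ZONE = {
    "example.com": ['0 issue "letsencrypt.org"'],
}


def parse_caa(rdata):
    """Split '<flags> <tag> "<value>"' into (flags, tag, issuer domain)."""
    flags, tag, value = rdata.split(None, 2)
    value = value.strip().strip('"')
    # Parameters after ';' are not part of the issuer domain name;
    # a bare ";" therefore yields an empty issuer, which matches no CA.
    issuer = value.split(";", 1)[0].strip().lower()
    return int(flags), tag.lower(), issuer


def relevant_rrset(fqdn, zone):
    """Climb from fqdn toward the root; the first non-empty CAA RRset wins."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if zone.get(name):
            return name, [parse_caa(r) for r in zone[name]]
    return None, []


def ca_may_issue(fqdn, ca_domain, zone):
    """Return (allowed, reason) for a non-wildcard certificate request."""
    owner, records = relevant_rrset(fqdn, zone)
    if owner is None:
        return True, "no CAA records found: any CA may issue"
    # An unrecognised property with the critical bit (128) set forbids issuance.
    known = {"issue", "issuewild", "iodef"}  # simplification: RFC 8659 tags only
    if any(flags & 128 and tag not in known for flags, tag, _ in records):
        return False, f"unknown critical property at {owner}"
    issuers = [iss for _, tag, iss in records if tag == "issue"]
    if not issuers:
        return True, f"CAA at {owner} has no issue property: no restriction"
    if ca_domain.lower() in issuers:
        return True, f"{ca_domain} authorized at {owner}"
    return False, f"CAA at {owner} allows only {issuers}"
```

To compare against a live domain, query its CAA records at the custom domain and at each parent name, then feed the returned record data into the zone dictionary.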
