Azurecloud~5 mins

Custom domains and SSL in Azure - Commands & Configuration

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Introduction

When you want your website or app to have a friendly web address and a secure connection, you use custom domains and SSL. This lets visitors see your own web address and keeps their data safe with encryption.

When you want your app to be reachable at your own web address like www.myapp.com instead of a generic cloud address.

When you want to protect your users' data by encrypting the connection with HTTPS.

When you want to build trust with visitors by showing a secure padlock in their browser.

When you need to comply with security standards that require encrypted connections.

When you want to manage your domain names and certificates easily within Azure.

Commands

This command links your custom domain www.example.com to your Azure web app so it can respond to requests on that domain.

Terminal

az webapp config hostname add --resource-group example-resource-group --webapp-name example-webapp --hostname www.example.com

Expected OutputExpected

No output (command runs silently)

→

--resource-group - Specifies the Azure resource group where your web app is located.

→

--webapp-name - Specifies the name of your Azure web app.

→

--hostname - Specifies the custom domain you want to add.

This command binds an SSL certificate to your web app, enabling HTTPS so visitors connect securely.

Terminal

az webapp config ssl bind --resource-group example-resource-group --name example-webapp --certificate-thumbprint 123ABC456DEF7890 --ssl-type SNI

Expected OutputExpected

No output (command runs silently)

→

--certificate-thumbprint - Identifies the SSL certificate to bind by its unique thumbprint.

→

--ssl-type - Specifies the SSL binding type; SNI is common for multiple domains on one IP.

This command uploads your SSL certificate file to Azure so it can be used for your web app.

Terminal

az webapp config ssl upload --resource-group example-resource-group --name example-webapp --certificate-file mycert.pfx --certificate-password MyP@ssw0rd

Expected OutputExpected

{"thumbprint": "123ABC456DEF7890"}

→

--certificate-file - Path to your SSL certificate file in PFX format.

→

--certificate-password - Password protecting your PFX certificate file.

This command shows all domain names linked to your web app, confirming your custom domain is set.

Terminal

az webapp show --resource-group example-resource-group --name example-webapp --query hostNames

Expected OutputExpected

["example-webapp.azurewebsites.net", "www.example.com"]

→

--query - Filters output to show only the host names.

Key Concept

If you remember nothing else from this pattern, remember: linking your custom domain and uploading then binding an SSL certificate are the two key steps to make your app secure and reachable at your own web address.

Common Mistakes

Trying to bind an SSL certificate before uploading it to Azure.

Azure cannot bind a certificate it does not have, so the command fails.

Always upload the SSL certificate first using az webapp config ssl upload before binding it.

Not verifying DNS settings for the custom domain before adding it to the web app.

If DNS is not correctly set, Azure cannot verify domain ownership and the custom domain won't work.

Make sure your domain's DNS records point to your Azure web app before adding the custom domain.

Using the wrong SSL binding type for your scenario.

Using IP SSL binding when you have multiple domains can cause conflicts and failures.

Use SNI SSL binding for most cases, especially when hosting multiple domains on one app.

Summary

Add your custom domain to your Azure web app with az webapp config hostname add.

Upload your SSL certificate file to Azure using az webapp config ssl upload.

Bind the uploaded SSL certificate to your web app with az webapp config ssl bind to enable HTTPS.

Verify your custom domains linked to the app with az webapp show and check hostNames.