Starting November 30 2021, GoDaddy will no longer be issuing certificates for the additional ‘www’ domain when validating domain ownership through HTML web page verification (AKA token verification) method or the App Service verification, which automates token verification method. This change will affect all certificates (new, renew, rekey) that require validation.
This article will go through the following sections to provide you more information on how to handle your certificate renewals to avoid any possible downtime for your web app when using an App Service Certificate.
- Understanding different validation methods
- What change can mean for SSL bindings
- How to get certificate issued for a ‘www’ domain
Understanding different validation methods
You can refer to the verify domain ownership documentation for the different methods to verify domain ownership for your App Service Certificate.
What change can mean for SSL bindings
If you renew your certificate without a ‘www’ domain, this may affect your SSL bindings if you use an App Service Certificate for your ‘www’ domain.
Let’s say you already added a ‘www’ custom domain to your web app and have already added an SSL binding with an App Service Certificate that secures a ‘www’ domain. If you renewed your certificate without a ‘www’ domain, your SSL bindings CANNOT be updated/synced with that new certificate. Thus you are risking your SSL bindings to keep using the old certificate.
To avoid this issue, do NOT use HTML web page verification or App Service Verification. Use either the mail verification or the manual DNS verification instead. Refert to how to get certificate issued for a ‘www’ domain section of the article.
How to get certificate issued for a ‘www’ domain
You may still get a certificate with ‘www’ domain when you verify your domain ownership with DNS manual verification or mail verification.
DNS manual verification
You will need to create a TXT record using the token verification token in your domain name’s zone (DNS) records.
An email will be sent to the domain administrators with instructions on how to verify domain ownership for your certificate.
For example, if the certificate is for
domain.com, emails will be sent to:
email@example.com firstname.lastname@example.org email@example.com firstname.lastname@example.org email@example.com