Share via

APIM Provisioning with Custom Hostnames is still failing after March 15

Tom Taylor 0 Reputation points
2026-04-04T06:07:27.5933333+00:00

Trying to add a custom hostname to an API Management service with BICEP is resulting in the following error:

{"code":"ManagedCertificateConfigurationTemporaryDisabled","message":"Update APIM service 'stg' failed. The HostnameConfiguration includes a new Managed Certificate Request, which is temporarily not supported during update from August 15th 2025 to March 15th 2026. All the configured custom domains with Managed Certificate can still be reachable without any impact. Please refer to API Management documentation here: https://learn.microsoft.com/en-us/azure/api-management/breaking-changes/managed-certificates-suspension-august-2025"}

Given that that period ended a few weeks ago, what is the resolution for this?

Azure API Management
Azure API Management

An Azure service that provides a hybrid, multi-cloud management platform for APIs.

0 comments
Answer accepted by question author
  1. Pravallika KV 12,730 Reputation points Microsoft External Staff Moderator
    2026-04-06T01:04:21.7633333+00:00

    Hi @Tom Taylor ,

    Thanks for reaching out to Microsoft Q&A.

    As per the latest update MSDOC, the suspension period for managed certificates was recently extended to June 30, 2026.

    While creation of managed certificates is suspended, use other certificate options for configuring custom domains.

    1. Switch to a custom TLS certificate hosted in Azure Key Vault
      • Provision or import your certificate into Key Vault
      • Enable managed identity on your APIM instance
      • Grant the APIM service principal “Get Secret” permissions on your Key Vault
      • Reference the Key Vault secret in your Bicep/ARM template for the hostname
    2. Upload your own PFX directly in the portal or via ARM/Bicep

    Hope this helps!

    If the resolution was helpful, kindly take a moment to click on User's imageand click on Yes for was this answer helpful. And, if you have any further query do let us know.

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Marcin Policht 85,065 Reputation points MVP Volunteer Moderator
    2026-04-04T11:12:33.5333333+00:00

    Refer to https://learn.microsoft.com/en-us/answers/questions/5833018/the-managed-certificate-feature-in-api-management

    The Managed Certificate feature in Azure API Management continues to remain disabled even after the previously communicated end date of March 15, 2026. As per the official Microsoft documentation, the creation of Azure‑managed certificates for custom domains was temporarily suspended from August 15, 2025 to March 15, 2026, with a clear statement that the capability would resume after the migration to the new domain control validation (DCV) platform is complete. However, the documentation does not confirm any official extension of this suspension beyond March 15, 2026, nor does it provide a revised restoration timeline. Since the feature is still unavailable after the documented suspension window and no extension has been publicly announced, the current behavior is not aligned with the documented service state and may indicate a service-side issue or an uncommunicated extension.

    Refer below points to resolve this issue or this is the workaround:

    Confirm current service status via Microsoft Support Since there is no official confirmation of an extension beyond March 15, 2026, it is recommended to raise an Azure Support ticket under API Management. Clearly reference the official documentation and highlight that the feature remains disabled beyond the stated suspension period. This will help validate whether the migration is still in progress, has been internally extended, or if this is a regional or tenant-specific issue.

    Treat this as a potential service incident if migration is complete If Microsoft confirms that the migration to the new validation platform has already been completed, then the continued unavailability of managed certificates should be treated as a service incident and escalated accordingly for investigation and resolution.

    Use bring-your-own certificates as a temporary workaround Until official confirmation is received and the feature is restored, continue using customer‑managed (bring‑your‑own) TLS certificates for configuring custom domains in Azure API Management, as this capability is not impacted by the suspension.

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.