Share via

Cannot create App Service Managed Certificate – “resource already exists in another region” but not visible anywhere

ALSADAH KITCHEN COMPANY 0 Reputation points
2026-04-30T08:48:57.54+00:00

Hi,

I’m facing an issue with Azure App Service Managed Certificate and would appreciate help.

Context:

  • App Service: XXXX
  • Resource Group: XXXXXX86
  • Region: West XXXXX
  • Domain: XXXXXXX

Problem:

When I try to create a managed certificate for www.alsadha.com, I get this error:

“The resource 'XXXXXXXXXXXXXX' already exists in location 'canadacentral' in resource group 'ALSXXXXXXX6'. A resource with the same name cannot be created in location 'West Europe'.”

What I’ve checked:

  • No certificate with this name exists in the current resource group
  • Searched in “All resources” → nothing found
  • Checked App Service → Certificates → only alsadha.com certificate exists
  • Deleted and re-added the custom domain (www)
  • Tried creating a temporary subdomain (test123.alsadha.com)

Still getting the same error.

It seems like a ghost/stale managed certificate resource in another region (Canada Central), but I cannot locate or delete it.

Questions:

  1. How can I find and delete this hidden/stale managed certificate?
  2. Is there a way to force Azure to recreate it with a new internal name?
  3. Is this a known issue with App Service Managed Certificates?

Any help would be greatly appreciated.

Thanks!
edited PII information

Azure App Service
Azure App Service

Azure App Service is a service used to create and deploy scalable, mission-critical web apps.

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Praneeth Maddali 8,775 Reputation points Microsoft External Staff Moderator
    2026-04-30T10:07:36.3233333+00:00

    Hi @ALSADAH KITCHEN COMPANY

    Your CNAME is correctly configured and resolving to the App Service in West Europe. However, the site is currently serving Azure’s default *.azurewebsites.net wildcard certificate, which is causing the hostname mismatch shown in the SSL check.

    The error you’re encountering — “The resource 'www.[yourdomain].com-[suffix]' already exists in location 'canadacentral'...” — is a known issue with App Service Managed Certificates. A previous attempt has left behind a stale internal certificate resource in Canada Central that isn’t visible in the normal portal views.

    Recommended Solution:

    1. Find the hidden certificate using Resource Graph Explorer in the Azure portal: 
         Resources
   | where type == "microsoft.web/certificates"
   | where name contains "yourdomain"
   | project name, location, resourceGroup, id
    2. you can try below Bash command to check the certificates 
         az webapp config ssl list --resource-group

         az resource list \
     --resource-type Microsoft.Web/certificates \
     --subscription {subscription-id} \
     --output table

    Delete the stale resource using Azure CLI (replace with the exact values from the query):

    az resource delete \
  --ids "/subscriptions/{your-subscription-id}/resourceGroups/{your-resource-group}/providers/Microsoft.Web/certificates/[exact-certificate-name-from-query]" \
  --api-version 2022-09-01

    Alternatively, you can browse and delete it via Azure Resource Explorer under Microsoft.Web >certificates.

    Wait 10–15 minutes, then return to your App Service >TLS/SSL settings and try creating the App Service Managed Certificate again for your www subdomain.

    Reference :

    https://learn.microsoft.com/en-us/troubleshoot/azure/app-service/connection-issues-with-ssl-or-tls/troubleshoot-custom-domain-issues-azure-app-service

    https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate?tabs=apex%2Crbac%2Cazure-cli

    https://learn.microsoft.com/en-us/cli/azure/webapp/config/ssl?view=azure-cli-latest#az-webapp-config-ssl-list

    https://techcommunity.microsoft.com/blog/appsonazureblog/get-web-apps-certificates-in-bulk/3436666

    If the answer is helpful,  Please do click "Accept the answer” and Yes, this can be beneficial to other community members.

    If you have any other questions, let me know in the "comments" and I would be happy to help you

    1 person found this answer helpful.
    0 comments
  2. Q&A Assist
    2026-04-30T08:49:14.15+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    The error indicates that Azure already has an App Service managed certificate object for www.alsadha.com with the internal name www.alsadha.com-ALSADHA in another region (Canada Central). Managed certificates are tightly bound to the custom domain and region, and the platform prevents creating another managed certificate with the same internal name in a different region.

    The provided context does not include a supported way to:

    1. Enumerate or delete a “hidden” or cross‑region App Service managed certificate resource.
    2. Force creation of a new managed certificate with a different internal name for the same custom domain when such a conflict exists.
    3. Confirm this specific cross‑region name‑collision as a documented, known issue.

    From the available guidance, the only fully documented and supported paths for certificates in App Service are:

    • Use a free App Service managed certificate when the prerequisites are met and no conflicting resource exists.
    • Or, instead of a managed certificate, use a standard App Service certificate or an external certificate (PFX) and follow the lifecycle: Buy/Generate → Store in Key Vault → Verify → Import → Bind.

    Given the constraints in the context, the practical, documented workaround is:

    1. Obtain a standard certificate for www.alsadha.com (for example via an external CA).
    2. Upload or import it into the App Service:
      • Store it in Key Vault (or upload as PFX), then
      • Import it into the web app’s TLS/SSL settings under Private Key Certificates (.pfx).
    3. Bind it to www.alsadha.com using SNI SSL in TLS/SSL bindings.

    This avoids the managed‑certificate name/region conflict entirely and follows the documented certificate lifecycle for App Service.

    Because the context does not document any supported method to clear or rename the conflicting managed certificate resource, or to override the internal name, escalation to Azure Support is required to:

    • Locate the stale/remote managed certificate object, and
    • Remove or fix it at the platform level.

    References:

    1 person found this answer helpful.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.