Cannot access DNS address from browser - Azure Linux virtual machine

Question

Cannot access DNS address from browser - Azure Linux virtual machine

R-Admin228 20

Trouble opening DNS address in Azure Linux virtual machine.

All browsers display this warning: This site does not have a certificate

Did not have this problem before. How to fix this?

TeraWasCloud 0 Reputation points

2026-05-20T17:34:59.9966667+00:00

This warning usually appears when the SSL/TLS certificate for the DNS domain is missing, expired, or no longer matching the Azure VM public DNS address.

A few things you can check:

1. Make sure the domain or Azure public DNS name points to the correct VM IP
2. Verify that the SSL certificate is still valid and not expired
3. Check if the web server (Nginx/Apache) configuration changed recently
4. Confirm ports 80 and 443 are allowed in Azure NSG rules
5. Restart the web server service after certificate updates

If you recently changed the DNS name, IP address, or migrated the VM, browsers may show certificate mismatch warnings until the SSL certificate is updated.

You can also test the certificate using online SSL checker tools to see the exact issue.
Vallepu Venkateswarlu 9,920 Reputation points Microsoft External Staff Moderator

2026-05-20T18:27:57.92+00:00
Hi @ R-Admin228,

Welcome to Microsoft Q&A Platform.

Based on the behavior you described, the issue appears to be related to the SSL/TLS certificate configuration for the DNS name. Additionally, the error ERR_CONNECTION_REFUSED indicates that the VM is currently not accepting connections on port 443 (HTTPS).

Please check the following checks to restore HTTPS connectivity:

Verify DNS Resolution: From the VM, run the following command and confirm that the DNS name resolves to the correct Public IP address:

nslookup <your-dns-name>

If you are using custom DNS servers at the VNet or NIC level, verify that the DNS configuration is correct.

You can also restart the DNS resolver service if required:

RHEL/Ubuntu:

sudo systemctl restart NetworkManager

SUSE:

sudo systemctl restart wicked.service

Verify Port 443 Connectivity: In the Azure Portal, review the Network Security Group (NSG) associated with the VM and confirm that inbound rules allow:

TCP Port 80

TCP Port 443

Additionally, check the firewall configuration inside the VM (such as ufw, iptables, or firewalld) and ensure that HTTPS traffic on port 443 is permitted.

Validate the SSL/TLS Certificate

The issue may also occur if:

The SSL certificate has expired

The certificate is missing

The certificate hostname does not match the configured DNS name

If required, generate or renew the certificate using a trusted Certificate Authority (CA), such as Let’s Encrypt.

After installing the certificate, verify that:

The server_name value in Nginx or the ServerName value in Apache matches the DNS name correctly.

Restart the web service after applying the changes:

After completing the above steps:

Browse to https://<your-dns-name>

Verify that the certificate warning no longer appears

Confirm that HTTPS connectivity works successfully

You may also validate the SSL configuration using external SSL verification tools such as SSL Labs SSL Test.

Ref: Use TLS/SSL certificates to secure a web server to configure SSL Certificate for web server.

Please "upvote" if the information helped you. This will help us and others in the community as well.
R-Admin228 20 Reputation points

2026-05-22T15:01:35.5333333+00:00

Thank you all for your support.

However, none of those solutions are working.

I have checked all the requirements (port 80 (HTTP) and/or 443 (HTTPS) etc.) and all are in order.

Like I said, there was no problem before to access the DNS address from browser. This problem occurred after I redeploy the VM. Does this clarify the issue?
Vallepu Venkateswarlu 9,920 Reputation points Microsoft External Staff Moderator

2026-05-22T20:40:41.9533333+00:00

Hi @ R-Admin228,

Just for testing purposes, you can temporarily use a self-signed certificate to verify whether the issue is related to the SSL certificate configuration.

For example, you can create a self-signed certificate for the DNS name configure it on the web server, and then test HTTPS access again.

Ref: How To Create A SHA-256 Self-Signed Certificate

Please note that self-signed certificates are not recommended for production environments because browsers will not trust them by default unless the certificate is manually imported into the trusted root certificate store on the client machine.

If HTTPS works successfully with the self-signed certificate, the issue is likely related to the original SSL certificate, certificate binding, or certificate/private key configuration after the VM redeployment.
Ref: Let's Encrypt.

Please "upvote" if the information helped you. This will help us and others in the community as well.

1 answer

Your answer

TeraWasCloud 0 Reputation points

2026-05-20T17:34:59.9966667+00:00

This warning usually appears when the SSL/TLS certificate for the DNS domain is missing, expired, or no longer matching the Azure VM public DNS address.

A few things you can check:

1. Make sure the domain or Azure public DNS name points to the correct VM IP
2. Verify that the SSL certificate is still valid and not expired
3. Check if the web server (Nginx/Apache) configuration changed recently
4. Confirm ports 80 and 443 are allowed in Azure NSG rules
5. Restart the web server service after certificate updates

If you recently changed the DNS name, IP address, or migrated the VM, browsers may show certificate mismatch warnings until the SSL certificate is updated.

You can also test the certificate using online SSL checker tools to see the exact issue.
R-Admin228 20 Reputation points

2026-05-22T15:01:35.5333333+00:00

Thank you all for your support.

However, none of those solutions are working.

I have checked all the requirements (port 80 (HTTP) and/or 443 (HTTPS) etc.) and all are in order.

Like I said, there was no problem before to access the DNS address from browser. This problem occurred after I redeploy the VM. Does this clarify the issue?
Vallepu Venkateswarlu 9,920 Reputation points Microsoft External Staff Moderator

2026-05-22T20:40:41.9533333+00:00

Hi @ R-Admin228,

Just for testing purposes, you can temporarily use a self-signed certificate to verify whether the issue is related to the SSL certificate configuration.

For example, you can create a self-signed certificate for the DNS name configure it on the web server, and then test HTTPS access again.

Ref: How To Create A SHA-256 Self-Signed Certificate

Please note that self-signed certificates are not recommended for production environments because browsers will not trust them by default unless the certificate is manually imported into the trusted root certificate store on the client machine.

If HTTPS works successfully with the self-signed certificate, the issue is likely related to the original SSL certificate, certificate binding, or certificate/private key configuration after the VM redeployment.
Ref: Let's Encrypt.

Please "upvote" if the information helped you. This will help us and others in the community as well.

Answer 1

The browser warning about the site not having a certificate is unrelated to Azure DNS itself. DNS only resolves the hostname to an IP address; it does not provide or manage TLS/SSL certificates for the site running on the Azure Linux virtual machine.

To fix the browser error and access the site securely, configure TLS/SSL on the web server that is hosting the site on the Linux VM and ensure DNS resolves correctly:

Verify DNS resolution
- From the Linux VM and from a client machine, run:
```
     nslookup <your-site-hostname>
```
- Confirm that the hostname resolves to the correct private or public IP of the VM, according to the design (for example, using Azure-provided DNS or custom DNS as described in the DNS name resolution guidance).
Confirm the VM is reachable on HTTP/HTTPS
- Ensure the web server on the VM is listening on port 80 (HTTP) and/or 443 (HTTPS).
- Check that any Network Security Group or firewall allows inbound traffic on those ports.
Configure TLS/SSL on the web server
- Install a valid certificate (for example, from a public CA or an internal CA) on the web server (Apache, Nginx, etc.) and bind it to port 443 for the site hostname.
- After the certificate is installed and the web server is restarted, browse to https://<your-site-hostname>.
If using private endpoints or private DNS zones
- For services exposed via private endpoints, verify that the DNS configuration (Azure DNS or custom DNS) resolves the service FQDN to the private IP, as described in the private endpoint DNS troubleshooting steps. A wrong IP (public instead of private, or vice versa) can cause connection failures even if the certificate is correct.

The key point is that DNS must resolve the hostname to the correct IP, and the web server at that IP must present a valid TLS certificate for the hostname. Once both are correct, the browser warning about the site not having a certificate will be resolved.

References:

Share via

Cannot access DNS address from browser - Azure Linux virtual machine

1 answer

Your answer