Azure Front Door automatic certificate renewal

zveratko 0 Reputation points
2024-06-04T10:51:34.5233333+00:00

I'm facing some issues with cert renewal. Current setup is:


DNS ZONE test.app

  dev NS record to dev.test.app

DNS ZONE dev.test.app

  @   A record to FD

  api CNAME record to FD

Seems like Front Door is facing some issues when regenerating the certificate and we need to resolve them manually.

First issue for me is that it looks like we need to revalidate the DNS zone every time the cert is being updated. There is something regarding validation here which I am not sure I can interpret properly. It looks like a pre-validated domain can regenerate the cert automatically, but for all others (Azure DNS zones included) the step of TXT entry renewal is manually needed. In another place they stated that an already added CNAME for the domain is enough and no validation is needed, but I don't have it for the top level. Should I create that entry in the parent DNS or what?

Second issue is that I cannot create a CNAME for @ in dev.test.app, which maybe is described here, but I don't get it.

Does anyone have some proper experience with setting the Front Door properly? Somehow it is working for me, but I need automatic cert renewal of dev.test.app and api.dev.test.app.


1 answer

  1. KapilAnanth-MSFT 41,156 Reputation points Microsoft Employee
    2024-06-05T17:56:13.0433333+00:00

    @zveratko ,

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    #1 You have a domain named "dev.test.app" delegated to Azure.

    #2 The domain "api.dev.test.app" is not an Apex domain,

    Hope this helps.

    Cheers,

    Kapil