Hello Dimitar Grozev,
Welcome to the Microsoft Q&A and thank you for posting your questions here.
Problem
Sequel to your questions, I understand that you are facing an SSL certificate validation error when attempting to access Azure Storage Account static website using a custom domain. Despite correctly configuring the DNS records and ensuring that the SSL certificate is automatically generated by Azure, you are unable to resolve the issue.
Scenario
Dimitar has set up a static website on an Azure Storage Account and he’s trying to reach it through a custom domain name. He’s done his part by adding a CNAME record in his DNS zone, linking the custom domain to the endpoint of the Azure Storage Account. Normally, Azure should automatically create an SSL certificate for the custom domain. But, when Dimitar attempts to visit the website via the custom domain, he’s met with an SSL certificate validation error. The error message suggests that the SSL certificate the server is presenting doesn’t align with the domain name being accessed. Even though he’s followed the suggested steps, Dimitar can’t seem to fix the issue and is looking for help to troubleshoot this SSL certificate validation error.
Solution
This prescribed solution was based on the scenario given and your questions, while focusing on the problem statement.
There are two things:
- If you're hosting a static website on an Azure Storage Account and want to use a custom domain with SSL, you would typically need to use a Content Delivery Network (CDN) service. Read for more clarification: https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blob-static-website and https://stackoverflow.com/questions/61662502/enabling-https-for-a-azure-blob-static-website
- If you're using Azure Static Web Apps, free SSL/TLS certificates are automatically created for the auto-generated domain name and any custom domains you may add. Read more for clarification: https://learn.microsoft.com/en-us/azure/static-web-apps/custom-domain and https://learn.microsoft.com/en-us/azure/static-web-apps/custom-domain-azure-dns?source=recommendations
Finally
If you are configuring the right as stated in the number 2 above. You can use Azure CLI to configure the below:
- Get the SSL Certificate Thumbprint
Verify SSL Certificate Configuration
# Set variables
resourceGroupName="<your-resource-group-name>"
webappName="<your-webapp-name>"
# Get SSL certificate thumbprint
sslCertificateThumbprint=$(az webapp config ssl list --resource-group $resourceGroupName --name $webappName --query "[0].thumbprint" --output tsv)
echo "SSL Certificate Thumbprint: $sslCertificateThumbprint"
# Verify SSL certificate configuration
sslCertificate=$(az webapp config ssl show --resource-group $resourceGroupName --name $webappName --thumbprint $sslCertificateThumbprint)
echo "SSL Certificate Configuration: $sslCertificate"
# After verifying SSL thumbprint and copied
# Set variables
resourceGroupName="<your-resource-group-name>"
webappName="<your-webapp-name>"
thumbprint="<your-ssl-thumbprint>"
# Bind SSL certificate to the web app
az webapp config ssl bind \
--name $webappName \
--resource-group $resourceGroupName \
--certificate-thumbprint $thumbprint \
--ssl-type SNI
Use the above in Azure CLI and provide respective value
Everything should work fine.
References
Read more additional resources provided by the right side of this page.
Also, check through the links provided in the solution.
Accept Answer
I hope this is helpful! Do not hesitate to let me know if you have any other questions.
** Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful ** so that others in the community facing similar issues can easily find the solution.
Best Regards,
Sina Salam