Share via

front door: Our services aren't available right now

ceneax 0 Reputation points
2023-03-22T19:49:27.4466667+00:00

I created a Front Door dynamic acceleration service with a custom domain configured, but when I tried to access it, I got a 503 error. I checked the tutorials and troubleshooting guides on the official website, but I couldn't solve the problem.

I added a custom domain and applied for a certificate, and the console showed everything was normal.

The source server address is an IPv4 address, using the HTTP port, and the origin server does not use HTTPS.

After everything was set up, I received an error message saying "Our services aren't available right now."

What should I do?

Azure Front Door
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
864 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. GitaraniSharma-MSFT 50,106 Reputation points Microsoft Employee Moderator
    2023-03-23T09:51:58.0933333+00:00

    Hello @ceneax ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand that you have created an Azure Front Door with dynamic acceleration service, configured a custom domain and applied for an SSL certificate. The backend address is an IPv4 address using the HTTP port and the origin server does not use HTTPS but when you try to access the Azure Front Door custom domain, you get a 503 error with message "Our services aren't available right now. We're working to restore all services as soon as possible. Please check back soon."

    Since you've mentioned "I added a custom domain and applied for a certificate", I believe you have enabled/configured HTTPS on your Azure Front Door custom domain.

    Could you please confirm this?

    User's image

    Refer the below docs for more information.

    AFD Classic: https://learn.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain-https

    AFD Standard/Premium: https://learn.microsoft.com/en-us/azure/frontdoor/standard-premium/how-to-configure-https-custom-domain

    If yes, then this is by design.

    503 error is returned if you connect to Azure Front Door HTTPS-enabled endpoints with IP based backend.

    Azure Front Door has a switch called EnforceCertificateNameCheck. By default, this setting is enabled. When enabled, Azure Front Door checks that the backend pool host name FQDN matches the backend server certificate's certificate name or one of the entries in the subject alternative names extension.

    However, as you are using IP address as the backend, your HTTPS-enabled Azure Front Door is failing the check.

    To resolve this issue, you must disable "EnforceCertificateNameCheck".

    User's image

    Refer: https://learn.microsoft.com/en-us/azure/frontdoor/troubleshoot-issues#503-responses-from-azure-front-door-only-for-https

    Kindly let us know if the above helps or you need further assistance on this issue.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.