Hello @ceneax ,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
I understand that you have created an Azure Front Door with dynamic acceleration service, configured a custom domain and applied for an SSL certificate. The backend address is an IPv4 address using the HTTP port and the origin server does not use HTTPS, but when you try to access the Azure Front Door custom domain, you get a 503 error with the message "Our services aren't available right now. We're working to restore all services as soon as possible. Please check back soon."
Since you've mentioned "I added a custom domain and applied for a certificate", I believe you have enabled/configured HTTPS on your Azure Front Door custom domain.
Could you please confirm this?
Refer to the docs below for more information.
AFD Classic: https://learn.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain-https
AFD Standard/Premium: https://learn.microsoft.com/en-us/azure/frontdoor/standard-premium/how-to-configure-https-custom-domain
If yes, then this is by design.
A 503 error is returned if you connect to Azure Front Door HTTPS-enabled endpoints with an IP-based backend.
Azure Front Door has a switch called EnforceCertificateNameCheck. By default, this setting is enabled. When enabled, Azure Front Door checks that the backend pool host name FQDN matches the backend server certificate's certificate name or one of the entries in the subject alternative names extension.
However, as you are using an IP address as the backend, your HTTPS-enabled Azure Front Door is failing the check.
To resolve this issue, you must disable "EnforceCertificateNameCheck".
Kindly let us know if the above helps or you need further assistance on this issue.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
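The certificate name check described in the answer above, sketched as an added example that is not part of the original answer and is not Azure Front Door's own implementation. The function names, the sample certificate (in the dictionary layout Python's `ssl.getpeercert()` returns) and the host names and addresses are constructed assumptions.

```python
import ipaddress

def _is_ip(value):
    """True if value parses as an IPv4 or IPv6 literal."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    """Case-insensitive label match; '*' may only replace the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def name_check(backend_host, cert):
    """Return True if backend_host matches the certificate name (CN) or a SAN entry."""
    sans = cert.get("subjectAltName", ())
    if _is_ip(backend_host):
        # An IP backend can only match an iPAddress SAN, never a DNS name.
        want = ipaddress.ip_address(backend_host)
        return any(kind == "IP Address" and _is_ip(val)
                   and ipaddress.ip_address(val) == want for kind, val in sans)
    names = [val for kind, val in sans if kind == "DNS"]
    names += [val for rdn in cert.get("subject", ())
              for key, val in rdn if key == "commonName"]
    return any(_dns_match(name, backend_host) for name in names)

# Constructed sample: a typical origin certificate that lists DNS names only.
SAMPLE_CERT = {
    "subject": ((("commonName", "origin.example.com"),),),
    "subjectAltName": (("DNS", "origin.example.com"),
                       ("DNS", "*.api.example.com")),
}

if __name__ == "__main__":
    for host in ("origin.example.com", "v1.api.example.com", "203.0.113.10"):
        print(host, "->", "match" if name_check(host, SAMPLE_CERT) else "name mismatch")
```

The IP-address backend fails because the sample certificate lists only DNS names; disabling the check means this comparison is no longer made against the origin's certificate.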