Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you would like to know if AFD Supports Automatic SSL certificate renewal for applications behind Entra Application Proxy.
I take it that you are following the below document :
- Using Azure Front Door to achieve geo-acceleration for your configuration.
- And you have configured the custom domain in the AFD and not in Application Proxy
- Please let me know if any of my observation incorrect.
In this case,
- If you are using a non-apex domain and a AFD Managed Certificate, Everything is managed by AFD and automatic certificate renewal/rotation happens as long as the domain CNAME record points directly to a Front Door endpoint or points indirectly to a Traffic Manager endpoint.
- However, if you are using an Apex domain, you have to revalidate domain ownership.
- For Customer Managed Certificates, see Renew customer-managed TLS certificates
Please let us know if we can be of any further assistance here.
Thanks,
Kapil