What is wrong with our Azure Front Door CDN? Bad Gateway response caused by certificate issues?

Hans 0 Reputation points
2024-02-20T10:37:11.8966667+00:00

We have an Azure Front Door CDN that handles all our static resources for our website. Everything has been working fine for a year or so until yesterday. A request to our front door, e.g. https://cdn.example.com/image.jpg now results in a 502 Bad Gateway response and the message "Our services aren't available right now. We're working to restore all services as soon as possible. Please check back soon." A request direct to the same resource on our actual website, e.g. https://www.example.com/image.jpg, is working fine. Debugging by including the http header "X-Azure-DebugInfo: 1" gives some more information: "X-Azure-Externalerror: CertificateExpired". But which certificate has expired? The certificate for the origin website is up-to-date and everything seems fine in the Azure Portal, green checkmarks everywhere and no warnings. Any ideas what is causing this? What can we do to resolve it? Thanks

Azure Front Door
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
584 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Hans 0 Reputation points
    2024-02-21T07:19:54.8833333+00:00

    Hello, and thank you for your replies. We have found the cause for the issues. It turned out the Front Door origin was incorrect, an old domain name whose certificate expired recently, but had been working up until now. After changing to the correct domain we can confirm that the cdn urls are working. Do you recommend us to purge everything before start using the Front Door again?

    0 comments
  2. GitaraniSharma-MSFT 47,686 Reputation points Microsoft Employee
    2024-03-04T12:40:38.18+00:00

    Hello @Hans ,

    I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.

    Issue: A request to your Azure Front Door is resulting in 502 Bad Gateway response with an error message "Our services aren't available right now. We're working to restore all services as soon as possible. Please check back soon", but a direct request to the backend origin is working fine. On further debugging, you found the following error: "X-Azure-Externalerror: CertificateExpired".

    Solution: You found the cause for the issue. It turned out the Front Door origin was incorrect, an old domain name whose certificate expired recently, but had been working up until now. After changing to the correct domain, you can confirm that the CDN URLs are working.

    Answering your follow-up question below:

    Do you recommend us to purge everything before start using the Front Door again?

    Yes, it would be best to purge everything before start using the Front Door again.

    If you have any other questions or are still running into more issues, please let me know.

    Thank you again for your time and patience throughout this issue.

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    0 comments