Azure CDN doesn't show (or create new) CDN managed SSL cert on existing resource & custom domain

Andrew Connell 141 Reputation points MVP
2024-04-10T10:38:40.71+00:00

I've had an Azure CDN with a custom domain and a CDN-managed SSL cert working for years, but starting March 30, 2024, the website started throwing HTTP 526 errors. Since the cert is managed by Azure's CDN, I gave it a few days to resolve itself, but it never did.

In an attempt to fix it, I removed the SSL cert from the custom domain, let the process finish, purged everything from the CDN, and gave it a few hours. Since then, I've been unable to recreate the CDN-managed cert as the portal is throwing an error about the domain not being validated (it is... it's been validated for years & I have another CDN with a CDN-managed SSL cert working for a subdomain of the same site).


What's strange is the site IS WORKING with a valid cert... except this cert was created (automatically renewed by the managed CDN process) AFTER the error started (created on March 31, 2024).


So, it appears there's a bug in the portal or an orphaned record somewhere... because the portal isn't reflecting that the CDN endpoint has a valid SSL cert applied to it, but even then, it won't let me create one.

I've been unable to fix this, where the portal shows the SSL cert is correctly applied and managed.

Azure Content Delivery Network

Accepted answer
  1. ChaitanyaNaykodi-MSFT 26,216 Reputation points Microsoft Employee
    2024-04-22T19:14:22.65+00:00

    @Andrew Connell

    I just went through the support ticket raised for this issue and I see that the issue was resolved.

    I am just summarizing the support ticket resolution here for community benefit. It will help if you could mark the answer as accepted and add any additional details if I missed any.

    Issue:

    You were facing an issue with your Azure CDN with a custom domain and a CDN-managed SSL cert, where the website started throwing HTTP 526 errors. In an attempt to fix it, you removed the SSL cert from the custom domain to let the process finish, purged everything from the CDN, and gave it a few hours. Since then, you were unable to recreate the CDN-managed cert as the portal is throwing an error about the domain not being validated. Although the website started working with a valid cert after it was auto-renewed by Azure CDN, the Azure Portal still showcased the error above.

    Resolution:

    As the website was accessible over HTTPS, the SSL certificate was being recognized. The support engineer helped in finding out that, as the custom domain was pointed to the DNS provider, the SSL certificate above was procured by the DNS provider, so it was not recognized by Azure.

    After turning off the proxy for the custom domain in the DNS provider where the CNAME record resides, an SSL certificate was successfully created in the Azure portal. The SSL certificate is also being shown as created by Microsoft when checked at the custom domain.

    Reference Article: https://learn.microsoft.com/en-us/azure/cdn/cdn-custom-ssl?toc=%2Fazure%2Ffrontdoor%2FTOC.json&tabs=option-1-default-enable-https-with-a-cdn-managed-certificate#tlsssl-certificates

    Thank you!

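An added example (not part of the original thread and not Microsoft tooling): a check for the condition described in the accepted answer, where a proxying DNS provider rather than the CDN answers for the custom domain and serves its own certificate. The `.azureedge.net` endpoint suffix, the `Microsoft` issuer substring (taken from the answer's "created by Microsoft" wording) and all function names are assumptions for illustration.

```python
import socket
import ssl

CDN_SUFFIX = ".azureedge.net"      # assumption: classic Azure CDN endpoint hostnames
EXPECTED_ISSUERS = ("Microsoft",)  # assumption: substring of the managed cert's issuer org


def issuer_org(cert):
    """Issuer organizationName from an ssl.SSLSocket.getpeercert() dict."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return ""


def diagnose(dns_names, cert, expected=EXPECTED_ISSUERS):
    """Classify who terminates TLS for a custom domain.

    dns_names: every name in the resolution chain (queried host, CNAME targets).
    """
    via_cdn = any(n.rstrip(".").lower().endswith(CDN_SUFFIX) for n in dns_names)
    org = issuer_org(cert)
    known = any(e.lower() in org.lower() for e in expected)
    if via_cdn and known:
        return "cdn-managed"
    if not via_cdn and not known:
        return "proxied"       # a third party answers DNS and serves its own cert
    return "inconclusive"      # e.g. customer-supplied cert, or mid-propagation


def fetch(host, port=443):
    """Live inputs for diagnose(): resolution chain and the served certificate."""
    canonical, aliases, _ = socket.gethostbyname_ex(host)
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return [host, canonical, *aliases], tls.getpeercert()


if __name__ == "__main__":
    import sys
    names, cert = fetch(sys.argv[1])
    print(sys.argv[1], issuer_org(cert), diagnose(names, cert))
```

A `proxied` result matches the situation in this thread: the site serves a valid certificate, but no name in the resolution chain is the CDN endpoint, so the portal has no managed certificate to show.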
