AFD certificate expiring in 44 days

Question

AFD certificate expiring in 44 days

Najwa Chakir 20

We have Azure Front Door Premium SKU domains with AFD Managed certificates, but he AFD certificate shows expiring in 44 days. the autorotation hasn't taken place. Same situation for another azure front door domain in another subscription. We need to renew theses certificates as soon as possible.

Thanks

Najwa Chakir 20 Reputation points

2025-04-22T20:11:18.87+00:00

The Domain is a subdomain, and under Custom domains, there is no revalidate domain. It still good "Validation approved" there is no Pending revalidation.
Rohith Vinnakota 4,585 Reputation points Microsoft External Staff Moderator

2025-04-22T20:20:19.4+00:00
Hello @Najwa Chakir - Admin
Thank you for your reply,

Did you add the CNAME record to your custom domain?

The subdomains certificates are rotated automatically as long as the CNAME record is still pointing to "FDEndPoint"

As per this documentation - For the Azure Front Door Standard/Premium managed certificate option, the certificates are managed and auto-rotates within 45 days of expiry time by Azure Front Door. If you are using a Front Door managed certificate and see that the certificate expiry date is less than 30 days away.

Refer this doc's for more details: https://learn.microsoft.com/en-us/azure/frontdoor/domain#azure-front-door-managed-tls-certificates
Najwa Chakir 20 Reputation points

2025-04-23T16:37:45.45+00:00

Hi,

We have a special set up of Frond Door. The CNAME part is not configured in our public DNS, but the traffic pass by an Azure application gateway in order to resolve some restrictions in the DNS. So, yes the CNAME is not detected. the same domain with www the CNAME is OK, and the certificate as well. I need support in this case please. Can you send me a session Zoom or Teams?
Rohith Vinnakota 4,585 Reputation points Microsoft External Staff Moderator

2025-04-23T16:55:41.69+00:00

Hi @Najwa Chakir - Admin,

I have sent a message in the private message. Could you please share those details?
Chakir, Najwa 0 Reputation points

2025-04-23T18:07:08.7666667+00:00

Hi,

Can you send it again. it wasn't the right email.

Thanks
Rohith Vinnakota 4,585 Reputation points Microsoft External Staff Moderator

2025-04-23T18:28:09.9766667+00:00

Hi @Najwa Chakir,
Can you share your email in the private message? We should schedule a Teams call.
Chakir, Najwa 0 Reputation points

2025-04-23T18:40:00.0666667+00:00

Unfortunately I don't have this option:
Rohith Vinnakota 4,585 Reputation points Microsoft External Staff Moderator

2025-04-23T18:44:17.6666667+00:00

Hi Chakir, Najwa
I think you might be using a different account. Could you please try using the account with the username Najwa Chakir?

Accepted answer

0 additional answers

Your answer

Najwa Chakir 20 Reputation points

2025-04-22T20:11:18.87+00:00

The Domain is a subdomain, and under Custom domains, there is no revalidate domain. It still good "Validation approved" there is no Pending revalidation.
Rohith Vinnakota 4,585 Reputation points Microsoft External Staff Moderator

2025-04-22T20:20:19.4+00:00

Hello @Najwa Chakir - Admin
Thank you for your reply,

Did you add the CNAME record to your custom domain?

The subdomains certificates are rotated automatically as long as the CNAME record is still pointing to "FDEndPoint"

As per this documentation - For the Azure Front Door Standard/Premium managed certificate option, the certificates are managed and auto-rotates within 45 days of expiry time by Azure Front Door. If you are using a Front Door managed certificate and see that the certificate expiry date is less than 30 days away.

Refer this doc's for more details: https://learn.microsoft.com/en-us/azure/frontdoor/domain#azure-front-door-managed-tls-certificates
Najwa Chakir 20 Reputation points

2025-04-23T16:37:45.45+00:00

Hi,

We have a special set up of Frond Door. The CNAME part is not configured in our public DNS, but the traffic pass by an Azure application gateway in order to resolve some restrictions in the DNS. So, yes the CNAME is not detected. the same domain with www the CNAME is OK, and the certificate as well. I need support in this case please. Can you send me a session Zoom or Teams?
Rohith Vinnakota 4,585 Reputation points Microsoft External Staff Moderator

2025-04-23T16:55:41.69+00:00

Hi @Najwa Chakir - Admin,

I have sent a message in the private message. Could you please share those details?
Chakir, Najwa 0 Reputation points

2025-04-23T18:07:08.7666667+00:00

Hi,

Can you send it again. it wasn't the right email.

Thanks
Rohith Vinnakota 4,585 Reputation points Microsoft External Staff Moderator

2025-04-23T18:28:09.9766667+00:00

Hi @Najwa Chakir,
Can you share your email in the private message? We should schedule a Teams call.
Chakir, Najwa 0 Reputation points

2025-04-23T18:40:00.0666667+00:00

Unfortunately I don't have this option:
Rohith Vinnakota 4,585 Reputation points Microsoft External Staff Moderator

2025-04-23T18:44:17.6666667+00:00

Hi Chakir, Najwa
I think you might be using a different account. Could you please try using the account with the username Najwa Chakir?

Answer 1

Hi @Najwa Chakir - Admin

The domain is not an Apex domain (subdomain),

It is just a CNAME record under the domain
So the process is straight forward : Configure a custom domain on Azure Front Door
The subdomains certificates are rotated automatically as long as the CNAME record is still pointing to "FDEndPoint"
See : managed TLS certificates

You have a Apex domain or Root domain

Please follow: Onboard a root or apex domain to Azure Front Door to add ALIAS record pointing Apex domain to "FDEndPoint" on how to configure custom domains
For Apex domains, Azure managed certificates are not automatically rotated.
See : managed TLS certificates

User's image

Also see: AFD-managed TLS certificate rotation - How to rotate/renew
This is nothing but regenerating the TXT value and adding it to the DNS Zone
Also, please share your domain in a private message.

Kindly let us know if the above helps or you need further assistance on this issue.

Please do consider to “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

Share via

AFD certificate expiring in 44 days

0 additional answers

Your answer