Site suddenly claims ssl certificate was revoked

Question

Site suddenly claims ssl certificate was revoked

Mark Zuckerman 0

I converted my service to extended support. Later, I successfully updated my SSL certificate and things were running fine until recently, when the browser claims the SSL certificate has been revoked. I checked with GoDaddy, and the certificate is current and active.

Has there been any service change that would cause this?
Is there some Azure feature not configured by the conversion process that could affect this?
If I have to rekey and reinstall the certificate, is there a way Azure can generate a CSR I can use with GoDaddy (rather than using my local IIS)?

Anusree Nashetty 4,790 Reputation points Microsoft External Staff Moderator

2025-04-23T20:27:40.8433333+00:00

Hi Mark Zuckerman,

Could you please tell us few more details on this issue:

What type of service are you using in Azure (e.g., App Service, Virtual Machine, or Azure Clous service Extended support)?
What browser are you using when you encounter the SSL revocation message? Are there any specific error messages you see in the browser's console or network tab.
Mark Zuckerman 0 Reputation points

2025-04-23T20:38:32.0033333+00:00
Azure Cloud Service Extended Support

The message occurs in Edge and Chrome
Mark Zuckerman 0 Reputation points

2025-04-24T18:13:24.9733333+00:00

thanks for your detailed response. Since it worked OK for a while, I suspect the NSG may be at root. What do I have to do?
Anusree Nashetty 4,790 Reputation points Microsoft External Staff Moderator

2025-04-28T16:44:09.2966667+00:00

Hi Mark Zuckerman,

Could you please check the private message and provide me your availability there. Thank you.
Anusree Nashetty 4,790 Reputation points Microsoft External Staff Moderator

2025-04-29T18:48:43.76+00:00

Hi Mark Zuckerman,

Good to know your issue got resolved. If could you please let me know, the information provided by me is helpful to you. Please click on Upvote and Accept answer on it. If you have any further questions, let me know.Thank you.

2 answers

Your answer

Anusree Nashetty 4,790 Reputation points Microsoft External Staff Moderator

2025-04-23T20:27:40.8433333+00:00

Hi Mark Zuckerman,

Could you please tell us few more details on this issue:

What type of service are you using in Azure (e.g., App Service, Virtual Machine, or Azure Clous service Extended support)?
What browser are you using when you encounter the SSL revocation message? Are there any specific error messages you see in the browser's console or network tab.
Mark Zuckerman 0 Reputation points

2025-04-23T20:38:32.0033333+00:00

Azure Cloud Service Extended Support

The message occurs in Edge and Chrome
Mark Zuckerman 0 Reputation points

2025-04-24T18:13:24.9733333+00:00

thanks for your detailed response. Since it worked OK for a while, I suspect the NSG may be at root. What do I have to do?
Anusree Nashetty 4,790 Reputation points Microsoft External Staff Moderator

2025-04-28T16:44:09.2966667+00:00

Hi Mark Zuckerman,

Could you please check the private message and provide me your availability there. Thank you.
Anusree Nashetty 4,790 Reputation points Microsoft External Staff Moderator

2025-04-29T18:48:43.76+00:00

Hi Mark Zuckerman,

Good to know your issue got resolved. If could you please let me know, the information provided by me is helpful to you. Please click on Upvote and Accept answer on it. If you have any further questions, let me know.Thank you.

Answer 1

Hi Mark Zuckerman,

Check if the certificate thumbprint in your Azure portal matches the one that GoDaddy issued.
See that if your app’s network security group (NSG) or other firewall rules allow outbound access to GoDaddy’s CRL and OCSP URLs.
In Cloud Services (Extended Support), certs are stored in the certificates section of your ARM template or uploaded via the portal or CLI. Check that the new certificate is uploaded via the Azure portal or CLI with a .pfx file. Your ServiceConfiguration.Cloud.cscfg file has the correct thumbprint.

1. Has there been any service change that would cause this?
Azure occasionally updates its trusted root certificates. If GoDaddy’s chain relies on an older root that Azure no longer trusts, browsers may flag it as revoked
If your AES VM or App Gateway cannot reach GoDaddy’s Online Certificate Status Protocol (OCSP) or Certificate Revocation List (CRL) endpoints due to firewall/NSG rules, browsers may fail revocation checks.

2. Is there some Azure feature not configured by the conversion process that could affect this?
When you move to Cloud Services (Extended Support) in Azure, the underlying infrastructure changes. The new model is based on ARM (Azure Resource Manager) rather than ASM (Azure Service Manager). Some potential causes of SSL cert revocation issues after migration could be raised.

3. If I have to rekey and reinstall the certificate, is there a way Azure can generate a CSR I can use with GoDaddy (rather than using my local IIS)?
Azure doesn’t directly generate CSRs for you, it expects you to upload a PFX file (certificate + private key). However, if you're using Key Vault, App Services, or Application Gateway, Azure can generate a CSR for those resources.For Cloud Services (Extended Support), you need to: Generate the CSR using IIS, OpenSSL, or Key Vault. Get the cert from GoDaddy. Convert it to a PFX (if needed). Upload it to Azure.

For detailed information, please check: Update or change the certificate used in Azure Cloud Services (extended support)

If you have any further queries, let me know. If the information is helpful, please click on Upvote.

Answer 2

Mark Zuckerman 0

I rekeyed my ssl certificate and now things appear to be working. I got mixed messages from GoDaddy about the revocation issue. So I'll wait a few days to see if GoDaddy revokes. Thanks for checking in.

Share via

Site suddenly claims ssl certificate was revoked

2 answers

Your answer