Azure CDN SSL certificate

BDO-3143 21 Reputation points
2020-07-22T11:57:29.847+00:00

Hi,

For about two years we have been using an Azure CDN service (Premium Verizon).

We configured a custom domain with "Certificate management type" = "CDN managed".

So we thought the certificate would be renewed automatically, since that's in the description of this type.

On 2020-07-16 the certificate expired, so auto renewal was not working as it should be and our service was down.

As it seems not to be possible to manually trigger the renewal process, we decided to use our own certificate for this endpoint.
We set the configuration and after about three days, the "Status" was still "Enabling" with Details "Certificate successfully deployed".

In the meantime we checked the current certificate binding to the endpoint and we saw that there was a new certificate (from Azure, valid till Dec 2020).

So we decided to remove the "Custom Domain" and started from scratch.
After about one day the "Custom HTTPS Status" says "Enabled" and "Details" also "Certificate successfully deployed", so we thought everything is OK now...

So we checked the certificate and it's still the same "Azure CDN managed", valid till Dec 2020.

The question is, how to make our cert available and is the CDN SSL Management reliable at all?

Azure Content Delivery Network

2 answers

  1. GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator
    2020-07-24T09:34:52.577+00:00

    Hello @BDO-3143 ,

    As per the confirmation provided by Verizon and Digi-cert, the certificate renewal process happens automatically at the backend before the date of expiry.

    However, there have been a few cases with Verizon CDN where the certificate did not renew automatically, and one of the causes provided by the Verizon team was that some of the domains are on an older workflow and they are tracking the legacy certificates and working on a script to migrate all domains to the new workflow which would auto renew.

    To find out what happened in your case, a deeper investigation is required, so if you have a support plan, I request you to file a support ticket, else please do let us know, we will try and help you get a one-time free technical support. In this case, could you send an email to azcommunity@microsoft.com in the below format?

    Subject of the email : Q&A Issue title
    Body of the email : Need one time free technical support.
    Your Subscription ID
    CDN Profile Name
    CDN Endpoint Name (if applicable)
    CDN Custom Domain hostname (if applicable)
    Q&A thread link : https://learn.microsoft.com/en-us/answers/questions/50770/index.html
    Worked with : Gitarani Sharma

    Thank you for your cooperation on this matter and I look forward to your reply.

    1 person found this answer helpful.

  2. Jason Bluefire 1 Reputation point
    2022-07-27T14:09:04.407+00:00

    If you're finding this in 2022 like I did,

    Verizon Edge Cast did change over to a new workflow like the top answer says, but as I found out after going through support, a CDN instance can get stuck in an old non-working workflow.

    For me it was stuck because I had two custom domains on my instance and one was not used and no longer had a valid DNS record; this made it so the automated process that migrates instances to the new CERT renewal workflow could not run. There is no error shown on the Azure side, and the custom domain I did use worked fine, up until the CERT expired.

    If you go through each of the Custom domains, disable custom HTTPS, wait 8 hours, enable custom HTTPS on the custom domain endpoint you use and want, it will get reenabled on the new workflow and get updated CERTs from the CDN service.

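Both answers describe a renewal failure that shows no error on the Azure side, so the practical safeguard is an external check. The following is an added example, not code from the thread or from Microsoft: it audits each custom domain for a missing DNS record (the condition from the second answer) and reports the days remaining and issuer of the certificate actually served. The 30-day threshold and the hostnames used with it are assumptions.

```python
import socket
import ssl
import time

WARN_DAYS = 30  # assumed alert threshold, not a value from the thread


def days_left(cert, now=None):
    """Whole days until notAfter of a cert dict as returned by getpeercert()."""
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return int((expires - (time.time() if now is None else now)) // 86400)


def fetch_cert(host, port=443, timeout=10):
    """Return the validated leaf certificate served for host (SNI = host)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def resolves(host):
    """True if the hostname currently has a DNS record."""
    try:
        socket.getaddrinfo(host, 443)
        return True
    except socket.gaierror:
        return False


def audit(domains, fetch=fetch_cert, resolve=resolves, now=None):
    """Map each custom domain to (status, detail)."""
    report = {}
    for host in domains:
        if not resolve(host):
            # Unused custom domain without a valid DNS record (second answer).
            report[host] = ("NO_DNS", None)
            continue
        try:
            cert = fetch(host)
        except OSError as exc:
            # Covers ssl.SSLCertVerificationError: an expired cert fails here.
            report[host] = ("TLS_ERROR", str(exc))
            continue
        left = days_left(cert, now)
        # The issuer shows whether the CDN-managed or your own cert is served.
        issuer = dict(rdn[0] for rdn in cert.get("issuer", ())).get("organizationName")
        report[host] = ("RENEW_SOON" if left < WARN_DAYS else "OK", (left, issuer))
    return report
```

Run `audit([...])` on a schedule with every custom domain configured on the CDN profile, including ones no longer in use, and alert on any status other than `OK`.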
