![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 47%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 23%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVV%3C/text%3E%3C/svg%3E)
Hi @ Reed at PS,
Welcome to Microsoft Q&A Platform.
When you update a certificate in Azure Key Vault that is used by Azure Front Door (Standard/Premium) as a customer-managed TLS certificate, the update behavior depends on how the secret version is configured.
If you select a specific version of your certificate, you have to reselect the new version manually when you update your certificate.
As per Microsoft Document: Renew customer-managed TLS certificates
It takes up to 72 hours for the new version of the certificate/secret to be automatically deployed.
If the secret version is set to “Latest”, Azure Front Door automatically detects and uses the updated certificate version from Azure Key Vault. However, certificate deployment across the global Front Door infrastructure can take up to 72 hours.
No manual action is required unless the update has not propagated after this period.
Please
and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.