Exception of type 'Microsoft.Azure.Cdn.Common.ProviderPluginContracts.ProviderException' was thrown.

Mathias Schübel 21 Reputation points
2022-03-27T11:47:46.177+00:00

Hello,
iam trying to bind a custom domain to a cdn endpoint.
Through the nature of the domain ( root, no subdomain ) i cant use the cdn managed certificate.

So i created a wildcard certificate for the domain, added it to the vault and tried to use it.

On saving, i got the following error: 'Exception of type 'Microsoft.Azure.Cdn.Common.ProviderPluginContracts.ProviderException' was thrown.' no further details.
Anyone got any hints?

187206-azure-cdn.png

Azure Content Delivery Network
0 comments No comments
{count} votes

Accepted answer
  1. ChaitanyaNaykodi-MSFT 26,706 Reputation points Microsoft Employee
    2022-03-29T18:52:44.713+00:00

    Hello @MathiasSchbel-5194, Welcome to the Microsoft Q&A platform.

    As I understand from the question you are trying to configure HTTPS on your custom domain for Microsoft Azure CDN. You are enabling HTTPS using your own certificate which is present on your Azure key vault. You got error 'Exception of type 'Microsoft.Azure.Cdn.Common.ProviderPluginContracts.ProviderException' was thrown.'

    I went through some issues internally with similar exceptions and there were usually two reasons for this exception.

    1. The TLS certificate created is not a complete certificate chain with leaf and intermediate certificates.
    2. The root CA is not a part of the Microsoft Trusted CA List.

    These requirements are documented here.

    Hope this helps! Please let me know if you have any additional questions. Thank you!

    ----------

    ​​Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments

1 additional answer

Sort by: Most helpful
  1. Mathias Schübel 21 Reputation points
    2022-04-04T07:50:35.267+00:00

    Thanks for your reply.
    You are, of course, right.

    The second part describes the problem:
    "The root CA is not a part of the Microsoft Trusted CA List."

    Basically letsencrypt is on that list, but i overlooked that i am still generating in the staging environment.
    The switch from https://acme-staging-v02.api.letsencrypt.org/ to https://acme-v02.api.letsencrypt.org/ fixed the problem.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.