articles/frontdoor/standard-premium/how-to-add-custom-domain.md
Lines changed: 42 additions & 35 deletions
@@ -18,12 +18,14 @@ When you use Azure Front Door for application delivery, a custom domain is neces
18
18
19
19
After you create an Azure Front Door Standard/Premium profile, the default frontend host will have a subdomain of `azurefd.net`. This subdomain gets included in the URL when Azure Front Door Standard/Premium delivers content from your backend by default. For example, `https://contoso-frontend.azurefd.net/activeusers.htm`. For your convenience, Azure Front Door provides the option of associating a custom domain with the default host. With this option, you deliver your content with a custom domain in your URL instead of an Azure Front Door owned domain name. For example, `https://www.contoso.com/photo.png`.
20
20
21
-
Azure Front Door suppport two types of domains, Non-Azure validated domain and Azure pre-validated domain. Azure managed certificate and customer certificate are supported on both types. For more details, see [Configure HTTPS on a custom domain](how-to-configure-https-custom-domain.md).
22
-
* Azure pre-validated domains are domains validated by another Azure service. This domain type is useful when you onboard and valiated a domain to an Azure service, and then want to enable Azure Front Door for application acceleration and/or WAF protection. There is no need to validate the domain on Azure Front Door when you onboard this type of domain.
23
-
* Non-Azure validated domains refer to domains that are not validated by any Azure service. This domain type can be hosted on any DNS service and requires domain ownership validation on Azure Front Door.
21
+
Azure Front Door supports two types of domains, non-Azure validated domain and Azure pre-validated domain. Azure managed certificate and customer certificate are supported for both types. For more information, see [Configure HTTPS on a custom domain](how-to-configure-https-custom-domain.md).
24
22
25
-
> [!NOTE]
26
-
> * Currently Azure pre-validated domain supports domain validated by Static Web App.
23
+
***Azure pre-validated domains** - are domains validated by another Azure service. This domain type is used when you onboard and validated a domain to an Azure service, and then configured the Azure service behind an Azure Front Door. You don't need to validate the domain through the Azure Front Door when you use this type of domain.
24
+
25
+
> [!NOTE]
26
+
> Currently Azure pre-validated domain only supports domain validated by Static Web App.
27
+
28
+
***Non-Azure validated domains** - are domains that aren't validated by any Azure service. This domain type can be hosted with any DNS service and requires domain ownership validation with Azure Front Door.
27
29
28
30
## Prerequisites
29
31
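Review bot: The added bullet for Azure pre-validated domains mixes tenses ("when you onboard and validated a domain to an Azure service, and then configured the Azure service behind an Azure Front Door"); pick one, for example "when you've onboarded and validated a domain with an Azure service and then placed that service behind Azure Front Door". Both added bullets also start with `***` and read "**...** - are domains" as shown here, so confirm the list marker is separated from the bold text by a space and drop the " - are" construction. In the added note, "domain only supports domain validated by Static Web App" should agree in number ("domains only support domains").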
@@ -36,36 +38,41 @@ Azure Front Door suppport two types of domains, Non-Azure validated domain and A
36
38
## Add a new custom domain
37
39
38
40
> [!NOTE]
39
-
> *If a custom domain is validated in one of the Azure Front Door Standard, Premium, classic or classic Microsoft CDN profiles, then it can't be added to another profile.
41
+
> If a custom domain is validated in an Azure Front Door or a Microsoft CDN profile already, then it can't be added to another profile.
40
42
41
-
A custom domain is managed by Domains section in the portal. A custom domain can be created and validated before association to an endpoint. A custom domain and its subdomains can be associated with only a single endpoint at a time. However, you can use different subdomains from the same custom domain for different Front Doors. You can also map custom domains with different subdomains to the same Front Door endpoint.
43
+
A custom domain is configured on the **Domains** page of the Front Door profile. A custom domain can be set up and validated prior to endpoint association. A custom domain and its subdomains can only be associated with a single endpoint at a time. However, you can use different subdomains from the same custom domain for different Front Door profiles. You may also map custom domains with different subdomains to the same Front Door endpoint.
42
44
43
45
1. Select **Domains** under settings for your Azure Front Door profile and then select **+ Add** button.
44
46
45
47
:::image type="content" source="../media/how-to-add-custom-domain/add-domain-button.png" alt-text="Screenshot of add domain button on domain landing page.":::
46
48
47
-
1. The **Add a domain** page will appear where you can enter information about of the custom domain. For **Domain type**, you can choose **Non-Azure validated domain** or **Azure pre-validated domain**.
48
-
***Azure pre-validated domain** are domains validated by another Azure service. When you select this option, there is no need to valiate domain ownership on Azure Front Door. A dropdown list of the domains validated and grouped by the supported Azure services are populated.
49
-
***Non-Azure validated domain** need domain ownership validation. When you select Non-Azure validated domain, Azure-managed DNS is recommended or you can choose to use your own DNS provider. If you choose Azure-managed DNS, select an existing DNS zone and then select a custom subdomain or create a new one. If you're using another DNS provider, manually enter the custom domain name. Select **Add** to add your custom domain.
49
+
1. On the *Add a domain* page, select the **Domain type**. You can select between a **Non-Azure validated domain** or an **Azure pre-validated domain**.
50
50
51
-
> [!NOTE]
52
-
> * Azure Front Door supports both Azure managed certificate and customer-managed certificates. For Non-Azure validated domain, the managed certificate is issued and managed by Azure Front Door. For Azure pre-validated domain, the managed certificate (Azure managed) is issued and managed by the other Azure service. For both scenarios, you can bring your own certificate. If you want to use customer-managed certificate, see [Configure HTTPS on a custom domain](how-to-configure-https-custom-domain.md).
53
-
> * Azure Front Door supports loading Azure pre-validated domains and Azure DNS zones cross subscriptions on portal.
54
-
> * Currently Azure pre-validated domain supports domain validated by Static Web App.
55
-
56
-
:::image type="content" source="../media/how-to-add-custom-domain/add-domain-page.png" alt-text="Screenshot of add a domain page.":::
51
+
***Non-Azure validated domain** is a domain that requires ownership validation. When you select Non-Azure validated domain, the recommended DNS management option is to use Azure-managed DNS. You may also use your own DNS provider. If you choose Azure-managed DNS, select an existing DNS zone. Then select an existing custom subdomain or create a new one. If you're using another DNS provider, manually enter the custom domain name. Then select **Add** to add your custom domain.
52
+
53
+
:::image type="content" source="../media/how-to-add-custom-domain/add-domain-page.png" alt-text="Screenshot of add a domain page.":::
54
+
55
+
***Azure pre-validated domain** is a domain already validated by another Azure service. When you select this option, domain ownership validation isn't required by Azure Front Door. A dropdown list of validated domains by different Azure services will appear.
57
56
58
-
A new custom domain is created with a validation state of **Submitting**.
57
+
:::image type="content" source="../media/how-to-add-custom-domain/pre-validated-custom-domain.png" alt-text="Screenshot of pre-validated custom domain in add a domain page.":::
58
+
59
+
> [!NOTE]
60
+
> * Azure Front Door supports both Azure managed certificate and Bring Your Own Certificates. For Non-Azure validated domain, the Azure managed certificate is issued and managed by the Azure Front Door. For Azure pre-validated domain, the Azure managed certificate gets issued and is managed by the Azure service that validates the domain. To use own certificate, see [Configure HTTPS on a custom domain](how-to-configure-https-custom-domain.md).
61
+
> * Azure Front Door supports Azure pre-validated domains and Azure DNS zones in different subscriptions.
62
+
> * Currently Azure pre-validated domains only supports domains validated by Static Web App.
63
+
64
+
A new custom domain will have a validation state of **Submitting**.
59
65
60
66
:::image type="content" source="../media/how-to-add-custom-domain/validation-state-submitting.png" alt-text="Screenshot of domain validation state submitting.":::
61
67
62
-
Wait until the validation state changes to **Pending**. This operation could take a few minutes.
63
68
> [!NOTE]
64
-
> The validation state for Azure pre-validated domain goes into **Approved**. Please skip to Associate the custom domain with your Front Door Endpoint directly and complete the remaining steps.
69
+
> An Azure pre-validated domain will have a validation state of **Pending** and will automatically change to **Approved** after a few minutes. Once validation gets approved, skip to [**Associate the custom domain to your Front Door endpoint**](#associate-the-custom-domain-to-your-front-door-endpoint) and complete the remaining steps.
70
+
71
+
The validation state will change to **Pending** after a few minutes.
65
72
66
73
:::image type="content" source="../media/how-to-add-custom-domain/validation-state-pending.png" alt-text="Screenshot of domain validation state pending.":::
67
74
68
-
1. Select the **Pending** validation state. A new page will appear with DNS TXT record information needed to validate the custom domain. The TXT record is in the form of `_dnsauth.<your_subdomain>`. If you're using Azure DNS-based zone, select the **Add** button and a new TXT record with the displayed record value will be created in the Azure DNS zone. If you're using another DNS provider, manually create a new TXT record of name `_dnsauth.<your_subdomain>` with the record value as shown on the page.
75
+
1. Select the **Pending** validation state. A new page will appear with DNS TXT record information needed to validate the custom domain. The TXT record is in the form of `_dnsauth.<your_subdomain>`. If you're using Azure DNS-based zone, select the **Add** button, and a new TXT record with the displayed record value will be created in the Azure DNS zone. If you're using another DNS provider, manually create a new TXT record of name `_dnsauth.<your_subdomain>` with the record value as shown on the page.
69
76
70
77
:::image type="content" source="../media/how-to-add-custom-domain/validate-custom-domain.png" alt-text="Screenshot of validate custom domain page.":::
71
78
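Review bot: The added sentence "The validation state will change to **Pending** after a few minutes." now follows a note saying an Azure pre-validated domain goes to **Pending** and then automatically to **Approved**, so it no longer says which domain type has to stop at **Pending** and complete the TXT record step. Scope it, for example "For a non-Azure validated domain, the validation state will change to **Pending** after a few minutes." Since ownership validation is the control this page documents, it should be unambiguous which path skips it. Smaller points in the same hunk: the third note bullet repeats the Static Web App limitation already stated in the introduction with different wording ("domains only supports domains"), and "To use own certificate" is missing "your".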
@@ -76,26 +83,26 @@ A custom domain is managed by Domains section in the portal. A custom domain can
76
83
### Domain validation state
77
84
78
85
| Domain validation state | Description and actions |
79
-
| -- | -- |
86
+
|--|--|
87
+
| Approved | This status means the domain has been successfully validated. |
88
+
| Internal error | If you see this error, retry validation by selecting the **Refresh** or **Regenerate** button. If you're still experiencing issues, submit a support request to Azure support. |
89
+
| Pending | A domain goes to pending state once the DNS TXT record challenge is generated. Add the DNS TXT record to your DNS provider and wait for the validation to complete. If the status remains **Pending** even after the TXT record has been updated with the DNS provider, select **Regenerate** to refresh the TXT record then add the TXT record to your DNS provider again. |
90
+
| Pending re-validation | This status occurs when the managed certificate is less than 45 days from expiring. If you have a CNAME record already pointing to the Azure Front Door endpoint, no action is required for certificate renewal. If the custom domain is pointed to another CNAME record, select the **Pending re-validation**, and then select **Regenerate** on the *Validate the custom domain* page. Lastly, select **Add** if you're using Azure DNS or manually add the TXT record with your own DNS provider’s DNS management. |
91
+
| Refreshing validation token | A domain goes into a *Refreshing Validation Token* state for a brief period after the **Regenerate** button is selected. Once a new TXT record challenge is issued, the state will change to **Pending**. |
92
+
| Rejected | This when the certificate provider/authority rejects the issuance for the managed certificate, for example, when the domain is invalid. Select the **Rejected** link and then select **Regenerate** on the *Validate the custom domain* page, as shown in the screenshots below this table. Then select **Add** to add the TXT record in the DNS provider. |
80
93
| Submitting | When a new custom domain is added and being created, the validation state becomes Submitting. |
81
-
| Pending | A domain goes to pending state once the DNS TXT record challenge is generated. Please add the DNS TXT record to your DNS provider and wait for the validation to complete. If it is in ‘Pending’ even after the TXT record is updated in the DNS provider, please try to click ‘Regenerate’ to refresh the TXT record and add the TXT record to your DNS provider again. |
82
-
| Rejected | This state is applicable when the certificate provider/authority rejects the issuance for the managed certificate, e.g. when the domain is invalid. Please click on the ‘Rejected’ link and click ‘Regenerate’ on the ‘Validate the custom domain’ page, as shown in the screenshots below this table. Then click on Add to add the TXT record in the DNS provider. |
83
-
| TimeOut | The domain validation state will become from ‘Pending’ to ‘Timeout’ if you do not add it to your DNS provider within 7 days or add an invalid DNS TXT record. Please click on the Timeout and hit ‘Regenerate’ on the ‘Validate the custom domain’ page, as shown in the screenshots below this table. Then click on Add. Repeat step 3 and 4. |
84
-
| Approved | This means the domain has been successfully validated. |
85
-
| Pending re-validation | This happens when the managed certificate is 45 days or less from expiry. If you have a CNAME record pointing to the AFD endpoint, no action is required for certificate renewal. If the custom domain is pointing to other CNAME records, please click on ‘Pending Revalidation’ and hit ‘Regenerate’ on the ‘Validate the custom domain’ page, as shown in the screenshots below this table. Then click on Add or add the TXT record with your own DNS provider’s DNS management. |
86
-
| Refreshing validation token | A domain goes to “Refreshing Validation Token’ stage for a brief period after Regenerate button is clicked. Once a new TXT record challenge is issued, the state changes to Pending. |
87
-
| Internal error | If you see this error, retry by clicking the **Refresh** or **Regenerate** buttons. If you're still experiencing issues, raise a support request. |
94
+
| Timeout | The domain validation state will change from *Pending* to *Timeout* if the TXT record isn't added to your DNS provider within seven days. You'll also see a *Timeout* state if an invalid DNS TXT record has been added. Select the **Timeout** link and then select **Regenerate** on the *Validate the custom domain* page. Then select **Add** to add the TXT record to the DNS provider. |
88
95
89
96
> [!NOTE]
90
97
> 1. The default TTL for TXT record is 1 hour. When you need to regenerate the TXT record for re-validation, please pay attention to the TTL for the previous TXT record. If it doesn't expire, the validation will fail until the previous TXT record expires.
91
98
> 2. If the **Regenerate** button doesn't work, delete and recreate the domain.
92
99
> 3. If the domain state doesn't reflect as expected, select the **Refresh** button.
93
100
94
-
## Associate the custom domain with your Front Door Endpoint
101
+
## Associate the custom domain to your Front Door endpoint
95
102
96
-
After you've validated your custom domain, you can then add it to your Azure Front Door Standard/Premium endpoint.
103
+
After you validate your custom domain, you can associate it to your Azure Front Door Standard/Premium endpoint.
97
104
98
-
1.Once custom domain is validated, you can associate it to an existing Azure Front Door endpoint and route. Select the **Unassociated** link to open the **Associate endpoint and routes** page. Select an endpoint and routes you want to associate with. Then select **Associate**. Close the page once the associate operation completes.
105
+
1. Select the **Unassociated** link to open the **Associate endpoint and routes** page. Select an endpoint and routes you want to associate the domain with. Then select **Associate** to update your configuration.
99
106
100
107
:::image type="content" source="../media/how-to-add-custom-domain/associate-endpoint-routes.png" alt-text="Screenshot of associate endpoint and routes page.":::
101
108
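Review bot: The added **Rejected** row is missing its verb ("This when the certificate provider/authority rejects the issuance"); the other rows use "This status occurs when" or "This status means", so match that. The **Pending re-validation** row also changes the threshold from "45 days or less from expiry" to "less than 45 days from expiring", which moves the boundary by a day; confirm which one the service applies. The renamed heading matches the `#associate-the-custom-domain-to-your-front-door-endpoint` link added earlier in this commit, but any other page linking to the old "with-your-front-door-endpoint" anchor will need updating.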
@@ -107,12 +114,12 @@ After you've validated your custom domain, you can then add it to your Azure Fro
107
114
108
115
:::image type="content" source="../media/how-to-add-custom-domain/dns-state-link.png" alt-text="Screenshot of DNS state link.":::
109
116
117
+
> [!NOTE]
118
+
> For an Azure pre-validated domain, go to the DNS hosting service and manually update the CNAME record for this domain from the other Azure service endpoint to Azure Front Door endpoint. This step is required, regardless of whether the domain is hosted with Azure DNS or with another DNS service. The link to update the CNAME from the DNS State column isn't available for this type of domain.
119
+
110
120
1. The **Add or update the CNAME record** page will appear and display the CNAME record information that must be provided before traffic can start flowing. If you're using Azure DNS hosted zones, the CNAME records can be created by selecting the **Add** button on the page. If you're using another DNS provider, you must manually enter the CNAME record name and value as shown on the page.
111
121
112
122
:::image type="content" source="../media/how-to-add-custom-domain/add-update-cname-record.png" alt-text="Screenshot of add or update CNAME record.":::
113
-
114
-
> [!NOTE]
115
-
> For Azure pre-validated domain, please go to the DNS hosting service and manually change the CNAME record for this domain from the other Azure service endpoint to Azure Front Door endpoint, regardless of whether the domain is hosted on Azure DNS or other DNS services. The DNS state column on Azure Front Door domain blade is non-editable or clickable.
116
123
117
124
1. Once the CNAME record gets created and the custom domain is associated to the Azure Front Door endpoint completes, traffic flow will start flowing.
118
125
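Review bot: The relocated note for Azure pre-validated domains now sits between two numbered steps, so check that it is indented under the preceding list item; an unindented block quote would end the list and restart numbering at the "Add or update the CNAME record" step. The unchanged step below it still reads "the custom domain is associated to the Azure Front Door endpoint completes, traffic flow will start flowing", which is worth fixing in this editorial pass, for example "Once the CNAME record is created and the custom domain is associated with the Azure Front Door endpoint, traffic will start flowing." In the note itself, "to Azure Front Door endpoint" needs an article.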
@@ -125,7 +132,7 @@ After you've validated and associated the custom domain, verify that the custom
125
132
126
133
:::image type="content" source="../media/how-to-add-custom-domain/verify-configuration.png" alt-text="Screenshot of validated and associated custom domain.":::
127
134
128
-
Then lastly, validate that your application content is getting served using a browser.
135
+
Lastly, validate that your application content is getting served using a browser.
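Review bot: In the added line, "validate that your application content is getting served using a browser" attaches "using a browser" to the serving rather than to the check, and "validate" is used everywhere else on this page for domain ownership validation. Consider "Lastly, use a browser to verify that your application content is being served."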