Skip to content

Commit ee32c30

Browse files
Merge pull request #300628 from Harikrishnan-M-B/patch-47
fixed inconsistency
2 parents 36f23ac + b106ce8 commit ee32c30

File tree

1 file changed

+2
-1
lines changed

1 file changed

+2
-1
lines changed

articles/frontdoor/domain.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -186,13 +186,14 @@ For most custom domains, Azure Front Door automatically renews (rotates) managed
186186
However, Azure Front Door won't automatically rotate certificates in the following scenarios:
187187

188188
* The custom domain's CNAME record is pointing to a DNS record other than your Azure Front Door endpoint's domain.
189-
* The custom domain points to the Azure Front Door endpoint through a chain. For example, if your DNS record points to Azure Traffic Manager, which in turn resolves to Azure Front Door, the CNAME chain is `contoso.com` CNAME in `contoso.trafficmanager.net` CNAME in `contoso.z01.azurefd.net`. Azure Front Door can't verify the whole chain.
189+
* The custom domain points to the Azure Front Door endpoint through a chain.
190190
* The custom domain uses an A record. We recommend you always use a CNAME record to point to Azure Front Door.
191191
* The custom domain is an [apex domain](apex-domain.md) and uses CNAME flattening.
192192

193193
If one of the scenarios above applies to your custom domain, then 45 days before the managed certificate expire, the domain validation state becomes *Pending Revalidation*. The *Pending Revalidation* state indicates that you need to create a new DNS TXT record to revalidate your domain ownership.
194194

195195
> [!NOTE]
196+
> An exception to the above is that Azure Front Door (Standard and Premium) managed certificates are automatically rotated even if the domain CNAME record points indirectly to a Traffic Manager endpoint.
196197
> DNS TXT records expire after seven days. If you previously added a domain validation TXT record to your DNS server, you need to replace it with a new TXT record. Ensure you use the new value, otherwise the domain validation process will fail.
197198
198199
If your domain can't be validated, the domain validation state becomes *Rejected*. This state indicates that the certificate authority has rejected the request for reissuing a managed certificate.

0 commit comments

Comments
 (0)