You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/frontdoor/front-door-custom-domain-https.md
+8-9Lines changed: 8 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,11 +5,10 @@ author: halkazwini
5
5
ms.author: halkazwini
6
6
ms.service: azure-frontdoor
7
7
ms.topic: how-to
8
-
ms.date: 05/15/2025
8
+
ms.date: 08/07/2025
9
+
ms.custom: build-2025
9
10
10
11
#Customer intent: As a website owner, I want to enable HTTPS on the custom domain in my Front Door (classic) so that my users can use my custom domain to access their content securely.
11
-
ms.custom:
12
-
- build-2025
13
12
---
14
13
15
14
# Configure HTTPS on an Azure Front Door (classic) custom domain
@@ -76,12 +75,12 @@ To enable HTTPS on a Front Door (classic) custom domain, you need a TLS/SSL cert
76
75
### Option 1 (default): Use a certificate managed by Front Door
77
76
78
77
Using a certificate managed by Azure Front Door Classic allows you to enable HTTPS with a few settings changes. Azure Front Door Classic handles all certificate management tasks, including procurement and renewal. This is supported for custom domains with direct CNAME to Azure Front Door Classic endpoint.
79
-
> [!IMPORTANT]
80
78
81
-
> - As of May 8, 2025, DigiCert no longer supports the WHOIS-based domain validation method. Hence, if your domains with indirect CNAME to Azure Front Door Classic endpoint, you must use the Bring your own certificate feature.
82
-
> - Due to the WHOIS-based domain validation, managed certificate issued using WHOIS-based domain validation can't be auto renewed until you have direct CNAME pointed to Azure Front Door Classic.
83
-
> - Managed certificates are not available for root or apex domains. If your Azure Front Door Classic custom domain is a root or apex domain, you must use the Bring your own certificate feature.
84
-
> - Managed certificate autorenewal requires that your custom domain be directly mapped to your Azure Front Door Classic endpoint by a CNAME record.
79
+
> [!IMPORTANT]
80
+
> - As of May 8, 2025, DigiCert no longer supports the WHOIS-based domain validation method. If your domain uses an indirect CNAME mapping to Azure Front Door Classic endpoint, you must use the **Bring Your Own Certificate (BYOC)** feature.
81
+
> - Due to changes in WHOIS-based domain validation, managed certificates issued using WHOIS-based domain validation can't be autorenewed until you have a direct CNAME pointing to Azure Front Door Classic.
82
+
> - Managed certificates aren't available for root or apex domains (for example, `contoso.com`). If your Azure Front Door Classic custom domain is a root or apex domain, you must use the **Bring Your Own Certificate (BYOC)** feature.
83
+
> - Managed certificate autorenewal requires that your custom domain be directly mapped to your Azure Front Door Classic endpoint using a CNAME record.
85
84
86
85
To enable HTTPS on a custom domain:
87
86
@@ -96,7 +95,7 @@ To enable HTTPS on a custom domain:
96
95
1. Proceed to [Validate the domain](#validate-the-domain).
97
96
98
97
> [!NOTE]
99
-
> - DigiCert’s 64 character limit is enforced for Azure Front Door-managed certificates. Validation will fail if this limit is exceeded.
98
+
> - DigiCert’s 64 character limit is enforced for Azure Front Door-managed certificates. Validation fails if this limit is exceeded.
100
99
> - Enabling HTTPS via Front Door managed certificate isn't supported for apex/root domains (for example, contoso.com). Use your own certificate for this scenario (see Option 2).
0 commit comments