Reputation: 1822
I renewed my Wildcard SSL certificate in my Key Vault and the secret version is set to 'latest' in the designer, but the SSL showing on the website is still the old cert. I set the expiring SSL cert to disabled in Key Vault.
How do I get Front Door to recognize the latest SSL cert? Do I just need to change a value, say minimum TLS version, to trigger the update so it picks up the new cert?
Ideas?
Upvotes: 1
Views: 1879
Reputation: 3921
I was faced with this as well. It appears that if you update the KeyVault with the new TLS cert and have FrontDoor set up to use the "Latest" version then it will auto-magically update within 24 hrs. I'm assuming FrontDoor has a process that scans your KeyVault secret once a day and pulls the latest version.
Alternatively, for more direct control, you can set FrontDoor to use a specific secret version and manually update that version in FrontDoor after you've updated KeyVault.
Here's a link to the little documentation I found: https://learn.microsoft.com/en-us/azure/frontdoor/standard-premium/how-to-configure-https-custom-domain#certificate-renewal-and-changing-certificate-types
Upvotes: 3
Reputation: 1822
I was able to get the new certificate to show by updating the TLS value in the Update Custom Domain form. My thought was to get the form to update so it would force a refresh of the SSL certificate and that worked. Not ideal, but it worked.
Upvotes: 1