Problem with Azure Email Communication Service Custom Domain

Question

I've setup an Email Communication Service Custom Domain, the domain appears as verified across all the different settings in Provision Domains, and when I create an Azure Communication Service I can connect it to the Email Service and it successfully sends emails. However, when I click on the domain itself Chrome pops up a dialog asking me to:

Select a certificate to authentication yourself to
unitedstates.email.prod.communication.microsoft.com:443

It presents me with 2 certificates.

The first says the issuer is MS-Organization-Access and when I click on Certificate Information it tells me that Windows does not have enough information to verify this certificate.

The second says "This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store."

I setup this Custom Domain from my IONOS domain DNS records and like I said, it works. But clicking OK on the "Select a Certificate" Screen never works. If I click Cancel it goes away but I can't Add a new MailFrom address. Which I would like to do, to change the display name.

How would I go about resolving this issue?

Answer 1

Azure requires domain verification via a TXT record in DNS.
When clicking on the domain, Chrome prompts for a certificate because it detects a TLS connection requirement to unitedstates.email.prod.communication.microsoft.com:443.

Refer to this Microsoft Documentation to add and connect custom-verified email domains in Azure Communication Services.

The TXT record should follow the format required by Azure. Typically, it looks like this:

Name: @ (or your domain name without the http:// or https://) Type: TXT Value: ms=<verification_code> TTL: 3600 (or default)

Domain verification can take time to propagate across DNS servers. Once your domain is verified, you can add SPF and DKIM records to authenticate your domain.