Front Door and SSL and A Records?


  • We have SSL enabled on a prod-tier Azure Website, single instance, DNS hosted by Godaddy, and after adding Front Door we now have this level of success:

    Connect to website via HTTP to AFD with custom domain - works

    Connect to website via HTTPS to AFD with custom domain - works

    Connect to website via HTTPS to AFD with custom domain - bad 

    <h2>Our services aren't available right now</h2><p>We're working to restore all services as soon as possible. Please check back soon.</p>

    Frontend hosts configuration:

    Custom Domain SSL is configured using Azure Key Vault with green checkmarks for "Importing certificate" and "Certificate provisioning" and "Complete". Certificate management type is set for [use my own certificate].

    Backend pools configuration:

    config1: host name:(ip number), priority:1, weight:50. Health probe and lead balancing set at default.

    Routing rule:

    routing1: frontend hosts: and also backend pool: config1. accepted protocols: http and https

    I don't know what is wrong. Help!

    Tuesday, February 12, 2019 7:34 PM

All replies

  • Greetings

    Thanks for posting here,

    Hope you have gone through this. If not please have a look.

    1. Azure Front Door Service currently only supports Key Vault accounts in the same subscription as the Front Door configuration. Choosing a Key Vault under a different subscription than your Front Door will result in a failure.

    2. Azure Front Door Service currently only supports Key Vault certificates stored under the Secrets section. Your certificate import will fail if you store it under Certificates section instead of Secrets section.

    3. Azure Front Door Service currently only supports certificates uploaded with a PFX without a password.

    If you think your question has been answered click "Mark as Answer" if just helped click "Vote as helpful". This can be beneficial to other community members reading this forum thread.
    Best regards


    Wednesday, February 13, 2019 9:55 AM
  • Our Key Vault config is fine. The website is now accessible over HTTP and HTTPS using the But there is still a problem.

    First issue is that the docs do not specifically state how to use an Azure App Service website with SSL enabled. An IP number is required for the back end host name, using the automatically populated website name does not work. That IP number needs a backend host header of the name, not the name.

    Second issue is that docs do not make it clear that there should be two frontend hosts, the and also and that the custom domain HTTPS bits must be changed there.

    Name propagation took a very long time to complete. When the portal GUI said AFD was ready, it was not really ready for several hours after that.

    So the current issue is that Azure Front Door did not change website responsiveness at all. 4 days later, after we would expect AFD to have fully propagated across Azure, page speed tests from various vendors give the same rating. In the single only routing rule established for the site, URL Rewrite is disabled, Caching is enabled, Caching is set for "Cache every unique URL", Dynamic compression is enabled. However, page speed has not changed.

    The actual website is in US West 2. Page speed tests have been tried from geographies across the globe.


    Thursday, February 14, 2019 2:11 PM
  • Thank you for your feedback. 

    Azure Front Door has POP Servers across the globe and it helps your to cache the unique URL and next time when you try accessing the same URL, it reduces the latency.(According to your Cache settings) 

    We need more data to see why this is happening. I would suggest you to enable diagnostic settings and enable FrontDoorAccessLogs to check all the request hitting AFD. 

    You can also take a look at the metric to check the latency. With the data, we can try to understand the nature of request, origin of the request and why AFD is behaving this way. 

    Let me know if you have any further questions. 



    Thursday, February 14, 2019 3:44 PM