Issue with domain validation in Azure FrontDoor/DNS

Szymon Sasin 0

Hi,

I need a little bit of help with setting up my custom subdomain for my Front Door. The plan was to use the front door to point to my Static site ( which works) and to use a nice domina instead of the default name-ashasfpjndfhjlsdf.azurefd.net on the domain hosted in Azure DNS.

As I am planning to create a subdomain which mimics the real domain, my idea was to replace dots with dashes. However, for unknown reasons, I am not able to add a domain ending with UK. And yet I can add the other domains without any troubles.

User's image

As you can see the record value is not being generated, even after pressing "regenerate" button.

KapilAnanth-MSFT 47,121 Reputation points Microsoft Employee

2023-09-19T13:11:26.39+00:00
@Szymon Sasin

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

I understand that you are trying to add the sub-domain "be--test-uk" as a custom domain to your AFD Deployment.

Also, I see that

You are using a domain hosted in Azure

And your domain name is "be-functional.site"

I did a lab repo and I was able to reproduce your error.

You are right, when the record name ends with "uk", we are not able to generate/regenerate a TXT Record.

One more thing I noticed was that the "Validation State" went into "Rejected" instead of "Pending"

This usually happens when the certificate provider/authority has rejected the issuance for the managed certificate

The same behavior happened with "in" as well.

I tried with different domains and the results were same.

It is quite possible that the platform has some restrictions or reserved words.

I shall check this internally and provide you an update soon.

Cheers,

Kapil
Szymon Sasin 0 Reputation points

2023-09-22T13:57:31.99+00:00

Hi Kapil,

any luck with finding a root reason for such behaviour ?
KapilAnanth-MSFT 47,121 Reputation points Microsoft Employee

2023-09-24T06:42:30.4066667+00:00

@Szymon Sasin

Greetings and apologies for the delay.

Our team is working with the Certificate Authority to isolate the root cause.

I shall share the complete details once the troubleshooting is done.

I believe it might take some more time.

I shall keep this thread updated meanwhile.

Cheers,

Kapil
KapilAnanth-MSFT 47,121 Reputation points Microsoft Employee

2023-10-03T10:37:13.85+00:00

@Szymon Sasin

Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.

Thanks,

Kapil
KapilAnanth-MSFT 47,121 Reputation points Microsoft Employee

2023-10-04T13:18:05.2433333+00:00

@Szymon Sasin

Reaching out to check if there are any questions on this.

Please let us know if we can be of any further assistance here.

Thanks,

Kapil

Please Accept an answer if correct.

Original posters help the community find answers faster by identifying the correct answer.

1 answer

KapilAnanth-MSFT 47,121 Reputation points Microsoft Employee

2023-10-01T05:04:32.6933333+00:00

@Szymon Sasin

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

Thank you for patience while we were troubleshooting the issue internally.

It appears that, our vendor does not allow the use of double dashes in third and fourth characters.

Effective October 1, 2021, for publicly trusted TLS/SSL certificates, we no longer allow the use of double dashes (--) in the third and fourth characters in domain names, unless the double dashes proceed the letters xn (xn--example.com)

Refer : Use of double dashes violation in Digicert.

Some examples of what's allowed and not allowed is as follows:

es--xyz.loudsquid.com No

www.es--xyz.loudsquid.com No

xn--xyz.loudsquid.com OK

xyz--loudsquid.com OK

Please let us know if we can be of any further assistance here, I shall try my best to address your queries should there be any.

Thanks,

Kapil

Please Accept an answer if correct.

Original posters help the community find answers faster by identifying the correct answer.
Please sign in to rate this answer.
Vera 0 Reputation points

2024-11-10T08:24:22.19+00:00

Shouldn't domains like these be allowed?
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

Issue with domain validation in Azure FrontDoor/DNS

1 answer

Your answer


es--xyz.loudsquid.com	No
www.es--xyz.loudsquid.com	No
xn--xyz.loudsquid.com	OK
xyz--loudsquid.com	OK