Configure HTTPS on an Azure CDN custom domain
This article does not explain the whole process of configuring HTTPS on an Azure CDN custom domain, because you can get all this information in this tutorial provided by Microsoft.
The main goal of this article is to share an experience of trying to configure it when things do not go so well.
First of all, in case you are planning to do this configuration process, or if you want to be aware of it, I would invite you to read the tutorial, so you can understand the rest of this article.
As the tutorial says, when you request to enable HTTPS for a given custom domain on your Azure CDN endpoint, a validation process is performed to confirm ownership of that custom domain.
If the custom domain is a new domain, you can create a CNAME record in your DNS provider that maps the custom domain to the CDN endpoint's hostname. The validation is then performed automatically by DigiCert.
If the custom domain is being used in a live application, you need a different approach: create a CNAME record that maps your custom domain to the CDN endpoint, but with the inclusion of the keyword cdnverify. In this scenario, DigiCert queries WHOIS for the registrant information of the custom domain and sends an email asking to approve the validation request. If the registrant information is private, it sends an email to one of the following addresses:
- admin@<your-domain-name.com>
- administrator@<your-domain-name.com>
- webmaster@<your-domain-name.com>
- hostmaster@<your-domain-name.com>
- postmaster@<your-domain-name.com>
So the problem comes when the registrant information is not available, because the DNS provider does not provide this information at all, and you also don't have any of the additional email addresses available (e.g. you use a global user support email for all your websites - support@<company>.com).
In this case, the option you have available is to contact the Microsoft Support team and request support to finish the validation process. This is a time-consuming process (it took me 1-2 weeks to finalize) since it requires collaboration between the Azure Support team and the DigiCert Support team. I believe the tutorial should make the directions for this scenario clear.
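The decision flow described above can be checked before you request HTTPS. This is an added example, not code from Microsoft or DigiCert: the function names, the sample hostnames and the `cdnverify.<custom domain>` to `cdnverify.<endpoint>` record shape are assumptions, and the DNS data is constructed rather than queried.

```python
# Added example with constructed data; it does not contact DNS or WHOIS.
FALLBACK_LOCAL_PARTS = ("admin", "administrator", "webmaster",
                        "hostmaster", "postmaster")


def _norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def fallback_addresses(registered_domain):
    """The five mailboxes listed above, for the given registered domain."""
    return [f"{lp}@{_norm(registered_domain)}" for lp in FALLBACK_LOCAL_PARTS]


def validation_path(custom_domain, endpoint_host, registered_domain,
                    cnames, whois_email=None, monitored=()):
    """Classify how ownership validation will proceed.

    cnames: dict of owner name -> CNAME target, as published in your zone.
    whois_email: registrant address if WHOIS exposes one, else None.
    monitored: mailboxes that somebody in the organisation actually reads.
    """
    custom, endpoint = _norm(custom_domain), _norm(endpoint_host)
    zone = {_norm(k): _norm(v) for k, v in cnames.items()}
    if zone.get(custom) == endpoint:
        return "automatic", []           # direct CNAME: no email step
    # Assumed record shape for the "cdnverify" mapping of a live domain.
    if zone.get("cdnverify." + custom) != "cdnverify." + endpoint:
        return "no-mapping", []          # neither CNAME is published yet
    candidates = ([whois_email.lower()] if whois_email
                  else fallback_addresses(registered_domain))
    readable = {m.lower() for m in monitored}
    reachable = [a for a in candidates if a in readable]
    if reachable:
        return "email", reachable        # approve the request from here
    return "support-ticket", candidates  # nobody can receive the email


# Constructed sample: live site, private WHOIS, only a shared support mailbox.
SAMPLE = validation_path(
    custom_domain="www.example.com",
    endpoint_host="myendpoint.azureedge.net",
    registered_domain="example.com",
    cnames={"cdnverify.www.example.com.": "cdnverify.myendpoint.azureedge.net."},
    monitored=["support@example.com"],
)

if __name__ == "__main__":
    print(SAMPLE)
```

A `support-ticket` result means none of the candidate addresses is read by anyone, so either create one of those mailboxes first or plan for the support route.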
In the end, I had to create TXT records in my DNS provider and associate these records with the custom domain, so DigiCert could verify the ownership of the domain.
I hope this article helps you save some time in case you face the same issue, especially because it looked like an uncommon scenario for these support teams, particularly since there were discussions around how we could verify the domain.