I've been diving into Azure Front Door and have a question about using managed certificates. Currently, we have a lot of domains using a wildcard certificate, but for some test domains, we're using Let's Encrypt. With the changes coming to cert expiration, I'm considering moving to AFD managed certificates. It seems like a promising option, especially since it would mean each domain would have its own certificate and we wouldn't have to hassle with renewals—unless something goes wrong with Microsoft or DigiCert. The initial setup would take some time since I'd have to add a _dnsauth record for each domain, but it's manageable. Alternatively, since we have our wildcard in Key Vault, I could generate a new wildcard certificate and set it as the latest version. Last time I tried that, a test domain didn't pick up the new cert, which has me a bit cautious but overall it seems reliable. Has anyone else gone the AFD managed route, and do you have any pros or cons to share?
5 Answers
We switched to managed certs, and it works like a charm, especially since we deploy everything via Terraform. Managing 60 public services has been a breeze, and if wildcards are now generally available or in public preview for managed certs, it makes setups even simpler, without having to handle things app by app.
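As an added example (not code from anyone in this thread), this is what the managed-certificate setup described in the question and the Terraform answer looks like in Terraform: the custom domain with `certificate_type = "ManagedCertificate"`, the `_dnsauth` TXT record that proves domain ownership, the CNAME to the Front Door endpoint, and the route association. It assumes an existing AFD profile, endpoint and route (ids passed in as variables) and an Azure DNS zone in the same resource group; all names and values are constructed.

```hcl
# Assumed inputs (constructed for this example): an existing AFD profile, route and endpoint.
variable "resource_group_name" { default = "rg-edge" }
variable "zone_name"           { default = "example.com" }
variable "host_label"          { default = "test" }   # custom domain test.example.com
variable "afd_profile_id"      { type = string }
variable "afd_route_id"        { type = string }
variable "afd_endpoint_host"   { type = string }      # e.g. <endpoint>.z01.azurefd.net

data "azurerm_dns_zone" "zone" {
  name                = var.zone_name
  resource_group_name = var.resource_group_name
}

# Custom domain with an AFD managed certificate (no Key Vault cert, no renewal handling).
resource "azurerm_cdn_frontdoor_custom_domain" "site" {
  name                     = "${var.host_label}-${replace(var.zone_name, ".", "-")}"
  cdn_frontdoor_profile_id = var.afd_profile_id
  dns_zone_id              = data.azurerm_dns_zone.zone.id
  host_name                = "${var.host_label}.${var.zone_name}"

  tls {
    certificate_type    = "ManagedCertificate"
    minimum_tls_version = "TLS12"
  }
}

# Domain-ownership proof: the _dnsauth TXT record carries the validation token AFD issues.
# Keeping it in code means it is never left stale when the domain has to be re-validated.
resource "azurerm_dns_txt_record" "dnsauth" {
  name                = "_dnsauth.${var.host_label}"
  zone_name           = data.azurerm_dns_zone.zone.name
  resource_group_name = var.resource_group_name
  ttl                 = 3600
  record {
    value = azurerm_cdn_frontdoor_custom_domain.site.validation_token
  }
}

# Traffic: point the hostname at the Front Door endpoint.
resource "azurerm_dns_cname_record" "site" {
  name                = var.host_label
  zone_name           = data.azurerm_dns_zone.zone.name
  resource_group_name = var.resource_group_name
  ttl                 = 3600
  record              = var.afd_endpoint_host
}

# Bind the validated domain to the route so it actually serves traffic.
resource "azurerm_cdn_frontdoor_custom_domain_association" "site" {
  cdn_frontdoor_custom_domain_id = azurerm_cdn_frontdoor_custom_domain.site.id
  cdn_frontdoor_route_ids        = [var.afd_route_id]
}
```

The custom domain resource also exports `expiration_date` for the validation token, which is worth surfacing as an output so a domain that silently fell back to "pending validation" is noticed before its certificate lapses.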
We strictly use Azure Front Door managed certificates now and moved away from bringing our own certs. One thing to note is that Microsoft partners with DigiCert for these managed certificates, which adds some reliability. It’s nice not having to worry about renewing them anymore.
Quick question—what if we still have sites running on-prem and haven’t moved them to the cloud yet? Is there a way to leverage AFD managed certs in that situation?
Just out of curiosity, what kind of origins are you using with Azure Front Door?
Sounds encouraging—this might be the best approach for us. Thanks, everyone!
I've switched to managed certificates and honestly, I’m done with the SSL renewal hassle. We have all our DNS handled via Bicep, so after the initial setup, it requires zero effort to maintain everything. It's been a great experience!
That's a good question! I think it might be tricky since managed certs are for cloud services, but someone in the thread might have ideas.