I've been asking a lot about Front Door recently, and now I'm curious about Azure Front Door (AFD) Managed Certificates. We manage several domains, all using a wildcard certificate, but we also have some test domains with Let's Encrypt. With the news about upcoming changes in certificate expiration, AFD Managed Certificates caught my eye as a potential solution. Setting it up may take some time, especially since we need to add a _dnsauth record for each domain, but overall it seems manageable. Plus, with AFD Managed Certificates, I wouldn't have to stress about renewals, as each domain would get its own certificate.
On the flip side, since we already have the wildcard cert stored in Key Vault, we could just regenerate a new one and mark it as the latest version in Key Vault. I tried doing this with my test domains previously, but I encountered a situation where a site didn't pick up the new cert, so I'm aware that it could go wrong. Has anyone opted for AFD Managed Certificates, and what pros or cons can you share?
3 Answers
I switched to managed certificates because honestly, dealing with SSL renewals was such a hassle. All our DNS is handled via Bicep, so once you set up the module, it's effortless to manage domains and DNS entries without any further hassle.
I'm curious, what kind of origins are you working with for your services?
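The Bicep approach described in this answer, as an added example that is not from the original thread or from Microsoft's own samples: it onboards one custom domain onto Front Door with a managed certificate and publishes the _dnsauth TXT record the question mentions, reading the validation token straight from the custom domain resource so the record cannot drift. It assumes an existing Front Door Standard/Premium profile and an Azure DNS zone in the same resource group; the profile, zone and endpoint names are placeholders.

```bicep
// Added example (not from the thread): one AFD custom domain with an
// Azure-managed certificate plus the _dnsauth TXT record it requires.
// Assumes an existing AFD Standard/Premium profile and an Azure DNS zone in
// the same resource group; all names below are placeholders.
param profileName string = 'afd-example-profile'
param dnsZoneName string = 'example.com'
param hostLabel string = 'www'
param afdEndpointHostName string // e.g. <endpoint>.z01.azurefd.net

resource profile 'Microsoft.Cdn/profiles@2023-05-01' existing = {
  name: profileName
}

resource dnsZone 'Microsoft.Network/dnsZones@2018-05-01' existing = {
  name: dnsZoneName
}

// Managed certificate: AFD issues and renews it, so there is no Key Vault
// certificate version to rotate and no site left holding the old cert.
resource customDomain 'Microsoft.Cdn/profiles/customDomains@2023-05-01' = {
  parent: profile
  name: replace('${hostLabel}.${dnsZoneName}', '.', '-')
  properties: {
    hostName: '${hostLabel}.${dnsZoneName}'
    azureDnsZone: { id: dnsZone.id }
    tlsSettings: {
      certificateType: 'ManagedCertificate'
      minimumTlsVersion: 'TLS12'
    }
  }
}

// Ownership validation: the token AFD generates must be served at _dnsauth.<host>.
resource dnsAuth 'Microsoft.Network/dnsZones/TXT@2018-05-01' = {
  parent: dnsZone
  name: '_dnsauth.${hostLabel}'
  properties: {
    TTL: 3600
    TXTRecords: [
      { value: [ customDomain.properties.validationProperties.validationToken ] }
    ]
  }
}

// CNAME to the Front Door endpoint so the host actually resolves to AFD.
resource cname 'Microsoft.Network/dnsZones/CNAME@2018-05-01' = {
  parent: dnsZone
  name: hostLabel
  properties: {
    TTL: 3600
    CNAMERecord: { cname: afdEndpointHostName }
  }
}
```

Wrap this in a module and loop over a list of host labels to cover every domain, and remember the custom domain still has to be associated with a route before Front Door serves it.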
We only use AFD managed certificates for our clients these days. Microsoft teams up with DigiCert to issue these certs, which makes them pretty reliable. We've completely dropped the bring-your-own-certificates approach. It's way less headache.
Good point! I'm wondering about that too, since we still have sites on-prem.
Quick question on that—do you know how we could still use AFD managed certs if some sites are still running on-prem? Is there a way to bridge that gap?