Skip to content

Azure Front Door supports managed certificates for wildcard domains #128407

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
pl4nty wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Azure Front Door supports managed certificates for wildcard domains #128407

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion articles/frontdoor/domain.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -124,7 +124,6 @@ Sometimes, you might need to provide your own TLS certificates. Common scenarios
* You want Azure Key Vault to issue your certificate by using a partner certification authority.
* You need to use a TLS certificate that a client application recognizes.
* You need to use the same TLS certificate on multiple systems.
* You use [wildcard domains](front-door-wildcard-domain.md). Azure Front Door doesn't provide managed certificates for wildcard domains.

> [!NOTE]
> * As of September 2023, Azure Front Door supports Bring Your Own Certificates (BYOC) for domain ownership validation. Front Door approves the domain ownership if the Certificate Name (CN) or Subject Alternative Name (SAN) of the certificate matches the custom domain. If you select Azure managed certificate, the domain validation uses the DNS TXT record.
Copy link

Copilot AI Apr 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PR removes the statement that managed certs aren’t supported for wildcard domains, but the surrounding section still only lists scenarios for bringing your own cert. To align with the PR purpose, consider adding an explicit note in this section that Azure managed certificates can be used with wildcard domains (and, if applicable, any constraints such as supported wildcard level or DNS validation requirements), so readers don’t infer BYOC is still required for wildcard domains.

Suggested change
> * As of September 2023, Azure Front Door supports Bring Your Own Certificates (BYOC) for domain ownership validation. Front Door approves the domain ownership if the Certificate Name (CN) or Subject Alternative Name (SAN) of the certificate matches the custom domain. If you select Azure managed certificate, the domain validation uses the DNS TXT record.
> * Azure managed certificates can be used with wildcard custom domains. When you select an Azure managed certificate, domain validation uses the DNS TXT record.
> * As of September 2023, Azure Front Door supports Bring Your Own Certificates (BYOC) for domain ownership validation. Front Door approves the domain ownership if the Certificate Name (CN) or Subject Alternative Name (SAN) of the certificate matches the custom domain.

Copilot uses AI. Check for mistakes.
Expand Down