Adding custom domains to Azure Front Door without TXT record validation
Question
I have a SaaS application where by default customers get their own url on our domain like saas.application.com/company-a . They can however configure a "vanity domain" using a subdomain on their own domain by setting up a CNAME record pointing to us. Something like this:
saas.company-a.com CNAME saas.application.com
We validate that the record indeed points to us and generate a certificate (current setup is using cert-manager and Traefik in Kubernetes).
We want to start using Azure Front Door and let it handle cert generation/renewal. However, when setting up custom domains in Front Door, we need to validate each custom domain using a TXT record.
This will complicate the setup process for our customers (currently they only need to add a CNAME record), and we will have to ask existing customers to setup TXT records so that their domains can be validated when we migrate to Front Door. This is a show stopper for us, is there an alternative that I'm not seeing?
1 answers
solution1
1 ACCPTED 2022-07-06 15:54:49
Unfortunately with the new Azure Front Door product this is no longer possible. A TXT record is required to obtain an SSL certificate.
If it's possible to use your own SSL certificate, you might only need the CNAME, but I haven't tested this myself. And as you stated in your post, this is also not the desired.
Another option is to use the older version of Azure Front Door (Classic). This tier allows you to verify the domain using only a CNAME record.
You can compare the features between Standard, Premium and Classic here: https://docs.microsoft.com/en-us/azure/frontdoor/standard-premium/tier-comparison#feature-comparison-between-tiers
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.