![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 83%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
622 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 15%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
@cvationshm
Currently Front Door managed SSL certificate issued using a DNS based verification process is not in place yet.
Custom domain validation is an important security measure before we all you to add the custom domain. Yes, it is not very CICD friendly as you need to prove control over the domains before DigiCert issues your certificate. Involving support is not every time when you add custom domain its specific case to case basis.
DigiCert CA validates ownership of your domain by contacting its registrant, according to the domain's WHOIS registrant information. Contact is made via the email address (by default) or the phone number listed in the WHOIS registration. If the WHOIS registrant information is private, verify that you can approve directly from one of the following addresses:
admin@<your-domain-name.com>
administrator@<your-domain-name.com>
webmaster@<your-domain-name.com>
hostmaster@<your-domain-name.com>
postmaster@<your-domain-name.com>
If you are using a spam filter, add admin@digicert.com to its allowlist.
Common Issues when you don’t receive Email for verification.
Constructed email address:
• Ensure that your constructed email address account/alias for the following addresses: admin, administrator, webmaster, hostmaster, and or postmaster @<your-domain-name.com> has been properly configured. Test the constructed email address by sending an email to it from a known-working email account.
You may not be getting the validation email at this address because the account has not been set up yet or has been set up improperly.
• Check your junk mail and spam folders – email clients often mistake the domain validation email for junk mail/spam.
• Ensure that your firewall or email security appliance did not block the email or place it in quarantine.
WHOIS-based Email Addresses:
• Check any junk mail/spam folders.
• Have validation email recipients (domain contacts) check their junk mail/spam folders – email clients often mistake the domain validation email for junk mail/spam.
• Ensure that your firewall or email security appliance did not block the email or place it in quarantine.
• Contact your domain registrar/register to ensure they are not masking or hiding your domain contact information.
• Are you expecting to receive an email at an address published in your domain’s WHOIS record? Please verify that your registrar is not masking or hiding your domain contact information.
• Is your registrar/register masking or hiding your contact information? Check to see if they provide a way (an anonymized email or a web form) for CAs to access the domain’s WHOIS data.
• For the most efficient validation process, let your registrar know that you want them to either use your full published records or an anonymized email address for your domains. Using these options will ensure minimal-to-no-impact on validation processes.
Hope this was helpful. Please let us know in case of any additional questions or concerns.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.