Posted: 18/11/2022

Azure Static Web App Invalid SSL Certificate

Today i find out, my website was not working.
I had an invalid SSL certificate, it timed out 4 days ago.
Side note - I should set up a Github action to check this and warn me if it is offline.

Checking the SSL cert showed me it had run out.
Now a static web app in Azure has the ability to have custom domains with free SSL certificates.

This has worked perfectly for months, and I have not changed anything - so why has it run out.

I found in Azure, that this was showing against my custom domain:

Custom domain not resolving to my website

As a quick fix, removing the custom domain and addding it again solved my problem, but that will only work for another 6 months.

My DNS provider is CloudFlare, and I use a CNAME record within that to allow the custom domain to work.

So in cloudflare I turned everything off, and the problem still persists.

Which made me think to check the random url that Azure creates, and lo and behold, that works.
That website has a valid SSL cert!

So it is something wrong with my custom domain.

A bit of search on t'internet, I came across these posts on github:

https://github.com/Azure/static-web-apps/issues/923
https://github.com/Azure/static-web-apps/issues/888#issuecomment-1320162612

This made me reconsider have I set it up correctly at Azure.

At the top of the custom domain blade in Azure it gives documentation on how to configure the custom domain with your DNS host:

https://learn.microsoft.com/en-us/azure/static-web-apps/custom-domain?wt.mc_id=azurestaticwebapps_inline_inproduct_general

which then lead me to here:

https://learn.microsoft.com/en-us/azure/static-web-apps/apex-domain-external

Oh, I have not setup an Apex domain registration at Cloudflare.
Adding in the "root domain" e.g. "markoliver.website" and now Azure has verified my custom domain.

A validated Azure domain

Thanks also to @Stacy_Cash & @nthony_chu on Twitter for trying to help out:

The SSL cert on my Azure Static Web App has expired. Anyone else seeing this?
It is managed by Azure so confused.@Stacy_Cash @nthonyChu any ideas?
— Mark Oliver 💙 (@MicbOliver) November 18, 2022

Fingers crossed in 6 months I am not back here reading my own article 😃

What did I learn (again) - RTFM - READ THE **** MANUALS

Banging my head against the wall for not learning

Thanks for reading this post.

If you want to reach out, catch me on Twitter!

Tweet to @MicbOliver

I am always open to mentoring people, so get in touch.