Share via

Migration from Azure CDN classic to Front Door

TS-2203 5 Reputation points
2025-08-07T09:01:21.7266667+00:00

Received the below mail from Microsoft.

You're receiving this notification because you're associated with one or more Azure subscription(s) that use Azure CDN classic.

On 15 August 2025, DigiCert will deprecate support for the legacy CNAME Delegation DCV workflow. This is part of an industry-wide deprecation of DCV that will require DigiCert to migrate to a new validation platform to meet multi-perspective issuance corroboration (MPIC) requirements.

This change affects several Azure services that currently rely on the soon-to-be deprecated CNAME for automated certificate issuance and renewal. More context on this breaking change can be found here.

As a result of this deprecation:

• Starting 15 August 2025, no new domain onboarding or new profile creation will be allowed for Azure CDN classic, and any automation scripts for those actions will begin to fail.

• On 15 August 2025, switching to managed certificates on existing domains will no longer be allowed for Azure CDN classic.

• Existing managed certificates will be renewed automatically before that date and remain valid until 14 April 2026. However, please note that if any emergent renewal is required after 15 August 2025, it will not be possible due to the deprecation of the CNAME-based Domain Control Validation mechanism.

Required action

If you want to create new domains or profiles, or use Azure managed certificates:

• Migrate to either Azure Front Door Standard or Premium before 15 August 2025. Refer to our documentation to learn more about retirement timelines for Azure CDN.

If you're already using Azure managed certificates on existing domains, you can either:

• Move to Bring Your Own Certificate (BYOC) or migrate to Azure Front Door Standard or Premium before 15 August 2025. Refer to our documentation to learn how to configure HTTPS for your custom domain. After this date, due to the deprecation of CNAME-based validation, emergent renewals will not be possible, which could put customers at risk of HTTPS service disruption.

• Azure CDN Standard from Microsoft (classic) will be retired on 30 September 2027. Migrate to AFD Standard or Premium to avoid any service disruption and benefit from all new and enhanced capabilities.

Questions

  1. We have few custom domains with CDN managed certificates. If we don't do anything, will this setup works after August 15?
  2. Can we switch to BYOC certificates from existing managed certificates after August 15, 2025?
  3. If an emergency certificate renewal is required between August 15, 2025, and April 14, 2026, what options do we have?
Azure Front Door
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Ganesh Patapati 8,760 Reputation points Microsoft External Staff Moderator
    2025-08-07T10:42:34.2733333+00:00

    Hello TS-2203

    1. Will the existing setup continue to work after August 15, 2025?
    • If nothing changes, existing domains with managed certificates on Azure CDN classic will not have new certificate renewals after August 15, 2025. While managed certificates currently remain valid until April 14, 2026, any emergency renewal (like if a certificate is about to expire) after August 15 will not be possible, which could lead to disruption in HTTPS service.

    Refer: What will happen after 15 August 2025?User's image

    1. Can you switch to BYOC certificates from existing managed certificates after August 15, 2025?
      • Yes, it is possible to switch to Bring Your Own Certificate (BYOC) certificates from existing managed certificates, but it's recommended to do this as soon as possible before the 15 August 2025 to avoid any potential service interruptions.

    User's image

    1. What options do you have for emergency certificate renewals between August 15, 2025, and April 14, 2026?
      • Unfortunately, all emergency renewals requiring CNAME-based Domain Control Validation (DCV) will not be possible after August 15, 2025. You would need to prepare prior to that date by considering BYOC or completing the migration to Azure Front Door to ensure ongoing certificate management.

    User's image

    Refer: What actions should I take to avoid service disruption?

    also, refer this article https://learn.microsoft.com/en-us/answers/questions/5512924/got-this-notification-from-azure-about-migration-o

    I hope this has been helpful!

    If the above is unclear or you are unsure about something, please add a comment below.

    Please click Accept Answer and upvote if the above was helpful.

    Accepted answer

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.