If only 443 is unhealthy, it's likely an issue with SSL. You can verify the health of the backends on ports 80 and 443. If the backend is unhealthy because of a certificate failure, a 503 error message is returned.If the web app is configured as IP based, it should be changed to SNI. Check if the Azure web app is configured with IP-based SSL instead of being SNI based.The backend pool is an Azure Web Apps server: EnforceCertificateNameCheck must be disabled.The returned certificate must match the FQDN.To resolve this issue, you have two options: The backend server returns a certificate that doesn't match the FQDN of the Azure Front Door backend pool. In the portal, use a toggle button to turn this setting on or off in the Azure Front Door (classic) Design pane.įor Azure Front Door Standard and Premium tier, this setting can be found in the origin settings when you add an origin to an origin group or configuring a route. How to disable EnforceCertificateNameCheck from the Azure portal: When enabled, Azure Front Door checks that the backend pool host name FQDN matches the backend server certificate's certificate name or one of the entries in the subject alternative names extension. The backend pool is an Azure Web Apps server.ĮnforceCertificateNameCheck must be disabled.Īzure Front Door has a switch called EnforceCertificateNameCheck.The backend server returns a certificate that doesn't match the FQDN of the Azure Front Door backend pool. The cause of this problem can be one of three things: Going via Azure Front Door results in 503 error responses.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |