0

I have Azure static website mapped to a custom domain hosted with GoDaddy. I am using Azure CDN for https as per Microsoft instructions.

This is all working fine if I type www.example.com. But if I omit www subdomain, I get NET::ERR_CERT_COMMON_NAME_INVALID error.

How can I redirect from naked domain to www?

I tried using Azure CDN "rule engine" to add a permanent redirect but it does not seem to work. I also tried adding forwarding from naked to www subdomain in GoDaddy DNS config, but that does not work either. Still getting errors.

Someone has suggested to create a certificate that covers both naked and www subdomains, but not sure if that is possible in Azure CDN.

Does anyone know how this can be accomplished in Azure?

under
  • 2,519
  • 1
  • 21
  • 40
  • Did you tried this , https://stackoverflow.com/questions/52022212/azure-verizon-premium-cdn-redirect-naked-domain-to-www?rq=1 – Vineesh Vijayan Jun 25 '22 at 12:27
  • WWW and without WWW are considered as two different web sites. So you may need to add 2 CNAME records for both of them. Which point to your CDN endpoint. You are using GoDaddy DNS correct? Have you tried adding CNAME records to both of them in GoDaddy DNS config ? (with and without WWW) – Dhanuka Jayasinghe Jun 25 '22 at 14:29
  • I tried adding CNAME with @ symbol for name, but that's not allowed it seems. Not sure how to configure CNAME to naked domain, – under Jun 25 '22 at 20:17
  • I don't have Verizon. Using standard rule engine I could not get it to work. The error change from, but no redirect. – under Jun 25 '22 at 20:19
  • have you followed this? https://learn.microsoft.com/en-us/azure/static-web-apps/apex-domain-external – silent Jun 26 '22 at 19:14
  • @silent GoDaddy does not have ALIAS type. – under Jun 27 '22 at 20:58

1 Answers1

0

• The error message that you are encountering while browsing the naked domain, for e.g.: - ‘example.com’ is ‘ NET::ERR_CERT_COMMON_NAME_INVALID ’ which clearly resembles that there is no existing ‘A’ record found for the naked domain DNS record, i.e., ‘example.com’ in this case. While there may exist an ‘A’ record for ‘www.example.com’, ‘mail.example.com’ or ‘app.example.com’ due to which when you are trying to browse these, they are readily accessible, but the same is not possible for your naked custom domain.

Thus, to resolve this issue, you will have to create an ‘A’ record in your public DNS registrar, i.e., GoDaddy for your naked domain, i.e., ‘example.com’ or for a wildcard entry ‘*.example.com’ so that when you are trying to directly access your custom domain name, you will be redirected to the original Azure static website.

https://support.microsoft.com/en-us/topic/associating-a-custom-domain-name-and-securing-communication-with-azure-0eeba4ff-3432-e59a-7f7a-0ee8c7cd7c11

• But, for the same thing above to be accessible over HTTPS, you will have to upload an SSL/TLS certificate in Azure keyvault and integrate it with Azure CDN as described in the Microsoft documentation below. Also, you need to ensure that common names like ‘*.example.com’, ‘example.com’ and others needed are already included in that certificate. To be more precise, a wildcard certificate if requested and generated will work best in these scenarios and be of use in all circumstances.

https://learn.microsoft.com/en-us/azure/cdn/cdn-custom-ssl?tabs=option-2-enable-https-with-your-own-certificate#tlsssl-certificates

Kartik Bhiwapurkar
  • 4,550
  • 2
  • 4
  • 9
  • Problem is I cannot create either A name or CNAME record that points to the Azure URL. CNAME does not allow apex domain, and A record does not allow URL (it wants an IP address). So I cannot solve this with GoDaddy DNS. I was trying to use Azure Rules engine to redirect traffic, but could not get it to work either for some reason. – under Jun 27 '22 at 20:47
  • 1
    Even if you try creating a redirect traffic rule in the rules engine in Verizon premium, you won't be able to access the naked domain URL directly because its public DNS entry doesn't exist, i.e., its static public IP address entry against the requested DNS record doesn't exist. Thus, you will have to assign a public IP address to the A host record created for the naked domain in your public DNS server and also accordingly, procure a SSL/TLS certificate for HTTPS requests. – Kartik Bhiwapurkar Jun 28 '22 at 04:57
  • Hi @under, did the suggestion work for you? Do let me know if it solved your problem else share more details so I can troubleshoot or else do accept it for helping other community members. – Kartik Bhiwapurkar Jun 30 '22 at 19:30
  • 1
    Nothing works. Seems that a lot of people are having the same problem. Cannot fix it using GoDaddy DNS. Cannot fix it with Azure redirect rules. Seems it cannot be solved using my current (cheap) setup. – under Jul 01 '22 at 00:22