I've added a custom domain (xyz.contoso.com) to my Front Door (xyz.azurefd.net). Since it's already live and pointing directly to an AppService, I've used the process of creating a CNAME from afdverify.xyz.contoso.com to xyz.azurefd.net ([1]). Before pointing xyz.contoso.com to xyz.azurefd.net, I'm also setting up the Front Door managed SSL certificate. Is it correctly understood from [2] and [3] that, if I want to avoid downtime and have the certificate issued before doing the actual switch-over, the only possibility is using the WHOIS process where a confirmation email is sent to the contact person in the WHOIS records? Is there no way of having the Front Door managed SSL certificate issued using a DNS-based verification process?
My problem is that I have now tried with two different domains, and for only one of them have I received the confirmation email. I've ensured that the following emails exist, [admin|administrator|webmaster|hostmaster|postmaster]@domain.com, and admin@digicert.com has been added to our allow-list. I know that the documentation states that support should be contacted if no email is received within 24 hours, but this process ...
- is not very CI/CD friendly
- is slow, especially if support has to be involved
- is quite cumbersome when helping customers set this up, since it requires us to dig into their specific WHOIS setup
Have I overlooked something regarding the DNS verification actually being possible?
Thanks,
[1] https://docs.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain#map-the-temporary-afdverify-subdomain
[2] https://docs.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain-https
[3] https://docs.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain-https#custom-domain-is-not-mapped-to-your-front-door