2

So my 'enabling' HTTPS stage for my CDN endpoint has been stuck for 3+ days at 'enabling cdn' with the usual message of: a verification request will be sent to the email listed in your domain’s registration record (WHOIS registrant).

Now, I have the CNAME set as you can't even add it if it's not set to the right CDN endpoint. I have cancelled the process and restarted it after 2 days and now at the 2'nd attempt it's been hanging for 3 days.

The issue is the email for verification via the WHOIS will always go to something like protected-by-gdpr@gdpr-protected.com -- some type of placeholder domain as due to GDPR in Europe WHOIS data is no longer available.

This is not like 'WHOIS GUARD' that still leaves a way of getting contact, nor it is changeable, it is by default enforced across all domains as far as I can tell.

Now my questions is, what do I do to enable HTTPS on my custom domain if it doesn't care/look at the CNAME records?

SebastianG
  • 8,563
  • 8
  • 47
  • 111

2 Answers2

2

According to this doc, If the CNAME record entry for your endpoint no longer exists or it contains the cdnverify subdomain,

DigiCert also sends a verification email to additional email addresses. If the WHOIS registrant information is private, verify that you can approve directly from one of the following addresses:

admin@<your-domain-name.com>
administrator@<your-domain-name.com>
webmaster@<your-domain-name.com>
hostmaster@<your-domain-name.com>
postmaster@<your-domain-name.com>

You should receive an email in a few minutes, similar to the following example, asking you to approve the request. If you are using a spam filter, add admin@digicert.com to its whitelist. If you don't receive an email within 24 hours, contact Microsoft support.

You also could verify the above addresses. As far as I know, some similar domain ownership verifying question such as could not get verified from WHOIS registrant or your domain owner information is not enough exposed publicly so that domain ownership verifying has a failure.

To get fix these issue quickly, you can directly contact Microsoft support. They will confirm the domain information for you. See another similar thread.

Nancy
  • 26,865
  • 3
  • 18
  • 34
  • Hi @Nancy, thanks for this help, I will follow your instructions to try to get this sorted. My only issue with contacting microsoft is that you have to pay for a support plan even if the issues you're having with their systems are often in their interface – SebastianG Apr 16 '19 at 12:34
  • 1
    Someone has mentioned this on [GitHub](https://github.com/MicrosoftDocs/azure-docs/issues/26394), MS support said `If you do not have a support plan, Email me at AzCommunity@Microsoft.Com with your subscription ID and a link to this post, and I will enable a one-time free support request to pursue this further`. – Nancy Apr 16 '19 at 12:39
0

I needed to add digicert to my CAA authorities in my domains DNS setting, because I already had a value present, it wouldn't let me issue certificates unless I added that there.

SebastianG
  • 8,563
  • 8
  • 47
  • 111