Share via

Resource Health alert for front door is raised frequently for expiring custom domains

Camilo Terevinto 0 Reputation points
2025-02-10T09:04:30.65+00:00

I have an Activity Log Alert Rule configured as follows:

enter image description here

I have a custom domain with our own certificate that will expire in 29 days. Yesterday, I got almost 40 alerts for the expiration, and it's like this:

  1. Critical alert ("custom domain certificate expires soon"), and it goes from Available to Unavailable.
  2. 30-60 minutes later, I get an Informational alert with a transition from Unavaiable to Available.
  3. 30-60 minutes later, the critical alert is repeated

Is there anything wrong in my setup? Why am I getting "available" alerts when I have not updated the certificate?

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,480 questions
Azure Front Door
Azure Front Door
An Azure service that provides a cloud content delivery network with threat protection.
756 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vinod Pittala 330 Reputation points Microsoft Vendor
    2025-02-11T00:08:41.3133333+00:00

    Hi Camilo Terevinto,

    Welcome to Microsoft Q&A Forum, thank you for posting your query here!

    Since you have configured the Activity Log Alerts, the following actions can be taken when the alert rule conditions are met:

    • When a specific operation occurs on resources.
    • When a Service Health event occurs.

    When a service health event happens, the activity log alert will trigger because the service health events include notifications of incidents and maintenance events that apply to resources in your subscription, such as outages, planned maintenance activities, and other health advisories. This will notify you if any of the parameters are met.

    For more information, refer to the link below:

    https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-types#activity-log-alerts

    And since your certificate is set to expire in the next 30 days, you will now receive an alert notifying you about its expiration (e.g., "custom domain certificate expires soon").

    However, you might wonder why you are receiving this alert now even though the certificate expiration is still 30 days away. This is because "near expiry events for any certificates will be logged 30 days before expiration." Therefore, you are receiving the alerts nowUser's image

    Please refer to the below document.

    https://learn.microsoft.com/en-us/azure/key-vault/general/alert#example-log-query-alert-for-near-expiry-certificates

    However, again for the question "why i'm receiving 40 alerts in a single day?

    The answer to this question is related to the alert configuration, specifically how the alert has been set up. You might have configured the Aggregation type, Aggregation granularity (Period), and Frequency of evaluation (how often you want to evaluate the condition) to be less than one day, causing the alert to fire multiple times. This is why you are seeing multiple alerts for the same operation.

    User's image As for the question "Why am I getting 'available' alerts when I have not updated the certificate?", it is because this is a continuous cycle where the alert meets the condition, fires, and then returns to normal since it's not an issue, this is a service health event notification.

    Hence, To stop receiving these alerts, you need to renew the certificate as soon as possible.

    Hope this helps!

    Please reply if you there are any challenges.

    Please do not forget to "Accept the answer” and “upvote it” wherever the information provided helps you, this can be beneficial to other community members.it would be greatly appreciated and helpful to others.

    Thanks

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.