Within my current company, we are using azure application gateway to host the application and it is a nice load balancer but with a let’s encrypt wild card certificate I kept on getting the following message on the “Backend health” page where we were trying to use https from the application gateway to the server (keeping things secure is always nice 🙂 )
The Common Name (CN) of the backend server certificate does not match the host header entered in the health probe configuration (v2 SKU) or the FQDN in the backend pool (v1 SKU). Verify if the hostname matches with the CN of the backend server certificate. To learn more visit -Â https://aka.ms/backendcertcnmismatch.
The main problem is using a wild card certificate e.g. for example.com and a listener pointing to a single subdomain e.g. test.example.com, is that we have to set up “Health probes” to confirm that the backend server was actually hosting test.example.com instead of checking example.com.
So, the nginx daemon was running on the linux server using the wild card certificate we generated via azure functions to generate the let’s encrypt certificate using the hostname of test.example.com and then setup a health probe on the application gateway as below.
and then the health probe will start to work instead of giving the error above, below are the health probes with a status of 200
If the above doesn’t help, just shout.