Issue with Custom Domain on APIM and Cloudflare Proxying
Dear all, Last week, we attempted to configure a custom domain name for our Azure API Management (APIM) instance. We use Cloudflare as our DNS provider. The required CNAME record was created with the proxied attribute enabled. However, when configuring the custom hostname in Azure, we encountered the following error: Invalid parameter: CustomHostnameOwnershipCheckFailed. A CNAME record pointing from apim.ourowndomain.net to apim.azure-api.net was not found. As a workaround, we disabled the proxied attribute in Cloudflare, retried the configuration, and it worked successfully. We then re-enabled the proxied attribute, and the custom domain continued to function correctly. However, yesterday, we discovered that the custom domain was no longer working and returned a "404 Web site not found" error page. After extensive troubleshooting—including disabling the proxied attribute on the CNAME record—we were unable to resolve the issue. To restore functionality, we removed and reconfigured the custom domain by following the same steps: Disable the proxied attribute on the CNAME record. Configure the custom domain in APIM. Re-enable the proxied attribute. This resolved the issue again. We suspect that Azure initially validates the CNAME record during the custom domain configuration process when the proxied attribute is disabled. However, after a few days, Azure appears to revalidate the CNAME record and expects it to resolve to *.azure-api.net. Since Cloudflare returns its own IPs when proxying is enabled, Azure may reject the custom domain configuration, leading to the issue. Can anyone confirm whether our assumption is correct? Additionally, is there a recommended workaround for this issue? We are considering deploying a reverse proxy (Application Gateway) to handle Cloudflare requests and forward them to the APIM instance. Thank you in advance for your help. Best regards,
