#Err 400 - The account being accessed does not support http.

So, just to preface, I already know the solution (or rather, "solution") to this problem. My question is more along the lines of why this error happens.

When accessing the HTTPS site, it produces an error saying the site doesn't support HTTP. Apparently this is a somewhat niche problem in Azure that's resolved by disabling a security setting which forces HTTPS in the storage account settings. And that recommendation comes from multiple sources.

However, my problem is none of those sources explain why I should be disabling that or what the side effects are. It seems more like treating the symptom instead of the cause.

Strangely, the website does seem to intermittently function even with that option enabled. I have tried disabling that option and can confirm it does work, but I'd rather not disable security features unnecessarily. Any advice or input?

It seems like the best bet might be to create a URL redirect in the rules engine for http to https? That's one recommendation I've seen that does seem better. Curious if there's any other input / suggestions

For any future readers - I eventually caved and resolved this by offloading the HTTPS/DNS handling to Cloudflare and disabling the Secure Transfer feature in the storage account on Azure. In Cloudflare, the .dev domain has preloaded HSTS and I've set the encryption option to full on Cloudflare (although I may change it to Full - Strict) with enforced HTTPS.

Edit: Addendum - Be careful with DNSSEC and Cloudflare with Google Domains btw. Very easy to run into DNS resolution issues. Spent a couple of hours having to diagnose that.

An update to this again for future readers so they aren't caught off guard like I was. Azure started throwing 400 - URI errors this morning for my www domain. Much to my dismay, this error appeared a year earlier on a short guide about using Cloudflare w/ Azure I was following from Adam Bertram with no resolution.

Despite a couple hours of troubleshooting, I could not figure out what was going wrong. I decided to move from Cloudflare back to Azure DNS and import my own Let's Encrypt cert which was a hellish process in its own right.

For those going this route, I highly recommend the following:

1. Follow John Wright's guide on HTTPS for Azure here: https://wrightfully.com/azure-static-website-custom-domain-https. He covers the majority of the process using Azure DNS.

2. Because the goal of this project is to conserve money, I generated my own cert with OpenSSL and Let's Encrypt which John did not in Step 2 of Part 4. I'd strongly recommend following this process here instead to save money: https://gethttpsforfree.com/ (and if you're on Windows, using this GUI: https://github.com/sverrirs/GetHttpsForFree-UI).

2a. Important You need to use the .csr from Microsoft for Step 2 of Get Https for free! which John shows how to download in his tutorial. When you get to this step, just open your .csr in a text editor, then copy and paste the data straight into the site and continue with the process.

3. Once you receive the .PEM from Let's Encrypt, you'll need to convert it to a .PFX because Azure CDN does not support .PEM bundles. After an hour of digging I found a functional oneliner from Kanwar Singh (https://gist.github.com/KanwarSingh/3e53bd9330573e183572c06a4310b848) - openssl pkcs12 -export -in YourPEM.pem -out YourPFX.pfx -CSP "Microsoft Enhanced RSA and AES Cryptographic Provider"

I hope this helps save someone some pain if they go this route because it's been a nightmare getting DNS for the root domain as well as the www to stay functional.

^ This is super awesome info, thanks for documenting this for future challengers who might go down this road!

i have been dealing with this for 3 days, time is of the essence now, gonna give it a shot.

Freakin' love you mate @hallow zephyr I've been dealing with this for 2 days

Glad it helped. Let me know if you have any questions!

@hallow zephyr How can you verify that the TXT record is being server?

*served?

on gethttpsforfree

txt nslookup?

Yes, a TXT nslookup will do the trick

and how long does it take for it to propagate?

online it says anything between 24 to 48h

is that correct?

just confirming it

It's usually much faster than that in my experience with Azure. Maybe 5-10 minutes?

So glad I stumbled upon this- not sure which route i'll take, but after like 2 days of straight banging my head on random DNS misconfigurations and whatnot, i finally got it to work...sort of. I'm only able to get to my site when i do www and/or https://- definitely going to look into these solutions. Thanks so much!

John Wright's guide helped me a lot.. I also started to get a 400 error out of nowhere for seemingly no reason and that guide fixed the issue for me. Thank you!

Glad you were able to get it fixed!

I've had similar issues to HTTPS too, using apex domain. I ended up with an acme challenge azure app:
https://github.com/shibayan/keyvault-acmebot
Then you can use custom domain on your front door (remember to select RSA and not ECC).

Another issue was that I set global rule to redirect, this will cause a redirect loop. Create a new front door rule to redirect from http to https.

Would anyone who has completed, or is near completion of the Azure challenge be willing to get on a chat with me in the next few days? I’m struggling bigtime. I just graduated MSSA server and cloud administration cohort(microsoft sponsored training program for vets that was marketed to us as a job placement program) and have been applying for jobs for 2 months and I am barely getting any bites. I think this will help me a bit more, i’m running short on money so time is definitely of the essence and I have a lot left to do. I’ve bought the guide, but have taken several breaks from this challenge and could really really use some orienteering. Good luck to you all!

What kind oof jobs are you searching for? Any previous IT experience?

hi, i'm trying to follow your post and john's guide but on the verification of ownership step in get https for free, i run into an error. i am attempting to use the file-based option and after uploading to my storage acct, i get this error when trying to check for the files:

i managed to solve it by going to the storage account > settings > configuration and turning off secure transfer