Using SSL certificates with LetsEncrypt
In this post we explain how quick and easy it is to assign an SSL certificate to your Azure WebApp. I have a WordPress WebApp already running, and the first thing I want to do is create a custom hostname for my site.
At this point I only have the default domain name that was assigned when the WebApp was created.
We will add a hostname, in my case using an A record (you could use a CNAME record instead).
To validate the hostname we need to create a TXT record in our DNS registrar.
We will add a new A record in our DNS registrar to resolve the hostname to the public IP address assigned to the WebApp. If you used a CNAME record, you would instead point it at the default domain assigned when the WebApp was created (davidsr.azurewebsites.net).
Once the registrar has processed this, we will see the custom domain name successfully added in the Azure portal.
A dig query for the NS records of my custom domain name returns the original records from my DNS registrar.
Once the TTL has elapsed and the change propagates, we will be able to resolve the custom domain to the WebApp hosted in Azure.
To install SSL certificates, go to the Advanced Tools section of the WebApp and open Site Extensions.
Go to the gallery and search for Let's Encrypt.
Install the module and click play.
If we get the following message, the workaround is to stop and start the WebApp.
If this is successful, we will see the Let's Encrypt Authentication Settings.
We will need to create a service principal for my subscription so that Let's Encrypt can access the WebApp application settings and bind the certificate.
We can see the service principal in the Azure portal: on the WebApp, go to Access Control and select the name of the service principal. Under Properties you will see the same values we got from the PowerShell command.
Now, back in the Let's Encrypt authentication settings, we will need the TenantID, SubscriptionID, ClientID, ClientSecret and RG name. ClientID is the value returned as appID when the service principal was created, and ClientSecret is the password.
TenantID can be easily seen here:
ClientID can be seen here on the portal:
Once we pass these checks we are almost done.
We will hit next and create our SSL certificate, assigned to the custom domain.
Finally, we check in the WebApp SSL bindings section that the certificate is assigned to my custom domain.
The final check is to go to the site and confirm that it is served over HTTPS.
Now that we can have secure connections to the site, it's worth running an SSL test with Qualys SSL Labs.