You can help support this website by buying me a coffee!
3 minutes reading time
(629 words)
Configure SSL for an Azure Web App using Let's Encrypt
Generate a free SSL Certificate for your Azure Web App using Let's Encrypt to secure your website with HTTPS.
UPDATE July 2022
You can now use App Managed Certificates to secure your website in Azure. App Managed Certificates auto-renew and are easier to set up than Let's Encrypt. Check out this guide for more details:
Configure SSL for an Azure Web App using an App Managed Certificate
https://techlabs.blog/categories/guides/configure-ssl-for-an-azure-web-app-using-an-app-managed-certificate
You can now use App Managed Certificates to secure your website in Azure. App Managed Certificates auto-renew and are easier to set up than Let's Encrypt. Check out this guide for more details:
Configure SSL for an Azure Web App using an App Managed Certificate
https://techlabs.blog/categories/guides/configure-ssl-for-an-azure-web-app-using-an-app-managed-certificate
Create a .NET Web App in Azure
1. Create a Web App using Azure CLI
2. Deploy a .NET Web App to Azure using Visual Studio
3. Add a custom domain to an Azure Web App
4. Configure SSL for an Azure Web App using an App Managed Certificate
5. Configure SSL for an Azure Web App using Let's Encrypt
1. Create a Web App using Azure CLI
2. Deploy a .NET Web App to Azure using Visual Studio
3. Add a custom domain to an Azure Web App
4. Configure SSL for an Azure Web App using an App Managed Certificate
5. Configure SSL for an Azure Web App using Let's Encrypt
Find Azure resource details for Let's Encrypt
In this guide we will create an Azure App registration for Let's Encrypt and generate an SSL certificate for our website.
To create the Let's Encrypt certificate, we will need to collect the following info:
Azure Tenant ID
Azure Subscription ID
Application (client) ID
Application Client secret
Resource group name
Storage account connection string
Make sure you save these details as you follow the steps in this guide
Azure Active Directory - Properties
Copy the Tenant ID
Subscription
Copy the subscription ID
Storage account
Access Keys - show keys
Copy the Connection string
Create App registration for Let's Encrypt
App registrations - New registration
Name: Let's Encrypt - Planet Express
Redirect URI: https://www.planetexpress.live
Click Register
Copy the Application (client) ID
Create client secret
Certificates & secrets - New client secret
Description: Let's Encrypt - Planet Express Login
Click Add
Copy the client secret value
Save the client secret value in your password manager as it won't be shown again
Add permissions for Let's Encrypt
Resource groups
Access control (IAM) - Add - Add role assignment
Role: Contributor
Assign access to: select Let's Encrypt - Planet Express
Save
Add Azure Let's Encrypt App Extension
App Service - Extensions - Add
Choose Extension
Azure Let's Encrypt
Accept legal terms
Click OK
Add Azure Let's Encrypt extension - Click OK
Azure Let's Encrypt Web app extension successfully installed
Generate Let's Encrypt SSL Certificate
App service - Extensions - Azure Let's Encrypt
Click Browse
Enter the following details:
Azure Tenant ID
Azure Subscription ID
Application (client) ID
Application Client secret
Resource group name
Storage account connection string
Tick update Application Settings and Virtual Directory
Click Next
Custom domains and SSL - Next
Use the [Ctrl] key to select both hostnames. The certificate will need names for the www and non-www versions of your website.
Enter email address then click Request and Install Certificate
SSL Certificate has been generated, close the Let's Encrypt browser tab
Set Web app to HTTPS only
App Service - TLS/SSL settings
HTTPS Only - On
Browse to the site to check the new SSL certificate
Comments 11
How to automate renewal for this?
Hi, I have a draft blog for automating the certificate renewal. Hopefully will get time to publish it soon!
Hi Lukas, automatic renewal is easier with an App Managed Certificate. Check out this guide
Configure SSL for an Azure Web App using an App Managed Certificate
https://techlabs.blog/categories/azure/configure-ssl-for-an-azure-web-app-using-an-app-managed-certificate
wow this is amazing! Good job!
Hey, thanks for the feedback! Im glad you found the guide useful
Turns out you can create a free certificate auto renewed by azure.https://azure.microsoft.com/en-us/updates/secure-your-custom-domains-at-no-cost-with-app-service-managed-certificates-preview/
Thanks for the link! I will try that for the next Azure web app I set up.
Updated guide for App Managed Certificates:
Configure SSL for an Azure Web App using an App Managed Certificate
https://techlabs.blog/categories/azure/configure-ssl-for-an-azure-web-app-using-an-app-managed-certificate
This link is broken
Thanks for letting me know, I've updated the link.
Is there a way to export this certificate?
Thanks.
Hi,
It might be possible to download the certificate using the Kudu portal. However, when I tested this, it didn't work.
https://github.com/sjkp/letsencrypt-siteextension/wiki/How-to-Retrieve-Certificate
You can now use Azure Managed App certificates for web apps which are easier to set up than Let's Encrypt and can be auto renewed.
Configure SSL for an Azure Web App using an App Managed Certificate
https://techlabs.blog/categories/azure/configure-ssl-for-an-azure-web-app-using-an-app-managed-certificate