Using SSL certificates with LetsEncrypt

On the following post we are going to explain how quickly and easy is to assign an SSL certificate to your Azure Webapp I have a WordPress WebApp already running and the first thing we want to do is to create a custom hostname for my site

At this point I only have the default Domain name assigned when created the WebApp

We will go and add a hostname, in my case using an A record (you could use a CNAME record instead)

To validate the hostname we need to create a TXT record in our DNS registrar.

We will add a new A record in our DNS registrar to resolve the hostname to the public IP address assigned to the WebApp. If you used a CNAME record then you would just resolve to the default domain used when creating the WebApp (davidsr.azurewebsites.net)

Once this has been processed in the registrar we will see the Custom Domain name successfully added in the azure portal

Doing a dig query to find the NS records to my custom domain name will answer with the original records from my DNS registrar

Once TTL propagates we will be able to resolve the custom domain to the WebApp hosted in Azure

To install SSL certificates we will go to the Advanced Tools section of the WebApp, and Site Extensions

We will go the gallery and search for Lets Encrypt

Install the module and go click play

If we get the following message the workaround is to stop and start the WebApp

If this is successful we will see the Lets Encrypt Authentication Settings

We will need to create a service principal for my subscription, so LetsEncrypt can access the WebApp application settings and bind the certificate

We can see the service principal on the Azure portal, on the WebApp go to Access Control and select the name of the service principal. Then under properties you will see the same values we got using the Powershell command

Now back to the authentication settings of Lets Encrypt, we will need the TenantID, SubscriptionID, ClientID, ClientSecret and RG name ClientID is the value you get as appID when created the service principal, ClientSecret is the password

TenantID can be easily seen here:

ClientID can be seen here on the portal:

Once we pass this checks we are almost done

We will hit next and create our SSL certificate, assigned to the custom domain

Finally, we just check on the WebApp SSL bindings section that the certificate is being assigned to my custom domain

And the final check is to go to the site check you use HTTPS