Adding SSL to Azure, the free and easy way

Ever since I bought my own domain name, I’ve been meaning to get and SSL certificate, but I just never got around to it.

At the time, the cost was prohibitive for a low-traffic vanity project, and I didn’t know much about the necessity of HTTPS at the time.

In this day and age, if you are a website owner, then you owe it to your visitors to provide HTTPS. If you are a website visitor, you should be demanding HTTPS. Having that secure transmission layer prevents so many internet ills.

But what about the cost? Enter Let’s Encrypt.

LetsEncrypt.org provides FREE, genuine SSL certificates – and it’s automatic to generate, apply, and renew these SSL certs for Azure web sites.

SSL!

I’ve run out of excuses. Time to secure all the things!

There’s a few different tutorials out there, but I found Troy Hunt’s tutorial the best and easiest to follow.

His tutorial was written against the old version of the Azure portal, and for the most part you can follow along in the new portal; there’s a few parts that I couldn’t find the new portal analog for, so i’ll detail what’s different below. Go ahead and open up the tutorial in a new window and flip back and forth between it and this post.

Creating an Azure Service Principal

For this step, I couldn’t figure out how to do it completely through the new portal. Instead of going through the Active Directory tab, you can go through the “Enterprise applications” tab, but I couldn’t find a way to assign the user key to the application – so use the old portal for this step.

Configuring the site extension

You can do it Troy’s way via the https://{app-service-name}.scm.azurewebsites.net link, but you can also go to the app service’s Extension tab and add Let’s Encrypt that way too.

Everything from here is pretty straightforward and works in the new Azure portal, although I had one hiccup at the very end, after the Let’s Encrypt extension created and installed the certificate. It created the cert and applied it to the website, but for some reason didn’t create the SSL binding (from URL -> cert) so I had to do that manually.

And one more thing

You’ve got that shiny new SSL cert, so how do you get people to start using it? Go back to your app service tab, and click on the “Extensions” option. Add the “Redirect HTTP to HTTPS” extension. Now all incoming HTTP requests are automatically redirected to HTTPS!

SSL = Supremely. Simple. Let’s encrypt.

(one more thing – make sure you read Troy’s section on “Proceed with caution…” – very necessary caveats for you to be aware of).

Leave a Reply