Why did ‘they’ not scream this from the rooftops? CERTIFICATES ARE NOW FREE! Yes I know, there was Let’s Encrypt allowing you to install free certificates on your web app. Previously you had the ability to add an extension with a worker that would install and renew certificates from Let’s Encrypt on your Web App. However, this extension often failed or crashed and a lot of plumbing was required to get it up and running. Now, everything changed!
To install free managed certificates on your Web App in Azure, you need to map a domain name to your app service. Also, for a root domain (like hexmaster.nl), you cannot have IP restrictions. Then there are a couple of limitations:
- Does not support wildcard certificates.
- Does not support usage as a client certificate by certificate thumbprint (removal of certificate thumbprint is planned).
- Is not exportable.
- Is not supported on App Service Environment (ASE).
- Is not supported with root domains that are integrated with Traffic Manager.
- If a certificate is for a CNAME-mapped domain, the CNAME must be mapped directly to .azurewebsites.net
But to be honest, all these restrictions sound pretty reasonable to me.
To install your certificate, go to the Azure Portal and navigate to your Web App. Then open the
TLS/SSL settings blade and click Private Key Certificates (.pfx).
Here you’ll see a new fourth option called ‘Create App Service Managed Certificate’. If you click that, a new dialog opens showing a dropdown with all applicable custom domains. Select the desired domain and click the Create button.
There is no maintenance required. The certificate is renewed continuously in six-month increments. Certificates will be renewed 45 days before they expire.