Tatsuro Shibamura

The fastest way to use Let's Encrypt in Azure

App Service Managed Certificate is a great service, but are you frustrated that you can't issue a certificate for a zone apex or wildcard domain?

I was so frustrated that I created an application that uses Let's Encrypt to easily issue certificates for Zone apex and wildcard domains.

It's already available on my personal website (https://shibayan.jp).

For App Service

If you want an easy way to get a Let's Encrypt certificate for your App Service, I recommend Acmebot for App Service.

In particular, the Windows App Service allows certificates to be issued without requiring any special configuration or resources.

shibayan / appservice-acmebot

Automated ACME SSL/TLS certificates issuer for Azure App Service (Web Apps / Functions / Containers)

App Service Acmebot


Motivation

We have started to address the following requirements:

  • Support for multiple App Services
  • Easy to deploy and configure
  • Highly reliable implementation
  • Ease of Monitoring (Application Insights, Webhook)

You can add multiple certificates to a single App Service.

Feature Support

  • Azure Web Apps and Azure Functions (Windows)
  • Azure Web Apps (Linux) / Web App for Containers (Windows and Linux, requires Azure DNS)
  • Azure App Service Environment (Windows and Linux)
  • Issuing a certificate to the Deployment Slot
  • Issuing certificates for Zone Apex Domains
  • Issuing certificates with SANs (subject alternative names) (one certificate for multiple domains)
  • Wildcard certificate (requires Azure DNS)
  • Support for multiple App Services in a single application
  • ACME-compliant Certification Authorities

Deployment

Learn more at https://github.com/shibayan/appservice-acmebot/wiki/Getting-Started


Getting started is not a complicated process.

Use the Deploy to Azure button and the necessary resources will be built automatically.


Setting up Access Control (IAM) can be a bit tricky, but don't worry.

Just add permissions on the resource group where you want to use Let's Encrypt.

Congratulations! Once IAM is configured, you can issue the certificate via the web UI.

For other services

If you need to use Let's Encrypt with an Azure service other than App Service, I recommend using the Key Vault version of Acmebot.

You can freely issue Let's Encrypt certificates simply by adding the settings for a supported DNS provider.

shibayan / keyvault-acmebot

Automated ACME SSL/TLS certificates issuer for Azure Key Vault (App Service / Container Apps / App Gateway / Front Door / CDN / others)

Key Vault Acmebot


Motivation

We have begun to address the following requirements:

  • Securely store SSL/TLS certificates with Azure Key Vault
  • Centralize management of large numbers of certificates with a single Key Vault
  • Easy to deploy and configure solution
  • Highly reliable implementation
  • Easy to monitor (Application Insights, Webhook)

Key Vault Acmebot provides secure and centralized management of ACME certificates.

Feature Support

  • Issue certificates for Zone Apex, Wildcard and SANs (multiple domains)
  • Dedicated dashboard for easy certificate management
  • Automated certificate renewal
  • Support for ACME v2 compliant Certification Authorities
  • Certificates can be used with many Azure services
    • Azure App Services (Web Apps / Functions / Containers…




Integration with Key Vault makes it easy to use Let's Encrypt certificates with services such as Application Gateway and Azure Front Door.

You can create all the resources you need from the Deploy to Azure button just like the App Service version. It's easy.


You will need to set up an additional access policy for the Key Vault, but it's not difficult to do so as long as you follow the README.

Personally, I recommend that you use the Key Vault version. It can be used with various services such as App Service and Front Door.

Enjoy your Azure Serverless life!

Top comments (3)

Robin Cher

Perfect solution!

Maurice

The last time I looked into this, this was really hard/cumbersome to do. I'm glad that this got so easy even though it's still not implemented natively. (why Microsoft, why?)
Thank you!

James Eduard

Awesome solution! How about IIS servers? Maybe you can create one with the same function to store on Key Vault and manage with Azure Function apps for monitoring as well.