Do you want to have FREE SSL Certificates for your Azure WebApps and Azure Functions, renew them automatically and manage them hassle-free?
Keep reading then...
Intro
Today I want to talk to you about a project of mine, which is completely Open Source and free to use, that allows you to create free SSL Certificates (thanks to Let's Encrypt), install them on your Azure WebApp or Azure Function, and automatically renew them before their expiration.
SSL Certificates are very important: they allow you (among other things) to enable HTTPS on your websites, web applications and serverless functions.
Welcome Azure WebApp SSL Manager
The project name is Azure WebApp SSL Manager, and it's an Azure Function that acquires and manages free SSL certificates for applications hosted on Azure Web Apps and Azure Function Apps.
It is fully Open Source, and hosted on GitHub:
n3wt0n / AzureWebAppSSLManager
Acquires and manages free SSL certificates for Azure Web App and Azure Functions applications.
You can use it to acquire FREE certificates for any domain you own, including wildcards. Those certificates are completely trusted since they are generated using the Let's Encrypt Certification Authority.
Azure WebApp SSL Manager is also listed on the official Let's Encrypt website as the first client for Azure (take a look here).
Why use your project instead of Let's Encrypt directly?
Good question. Azure WebApp SSL Manager makes it super easy and automatic to create, renew and manage all the certificates.
Without Azure WebApp SSL Manager
If you use Let's Encrypt directly, instead, you would need to:
- Manually generate the certificate with a multi-step flow
- Save the account key somewhere
- Convert the certificate file into something usable by your service
- Remember to renew your certificates every 3 months
- Re-upload the certificate file
- Replace the old certificate with the new one
- Repeat this for each and every certificate!
And what happens if you forget to renew on time? Or you are away? Or if you lose the account key?
Why go through all those problems when you can have everything done automatically?
WITH Azure WebApp SSL Manager
- Deploy the Azure Function (can be done automatically as well from the GitHub repo!)
- Add the list of domains you need the certificate for to the configuration file
- Forget about everything and Azure WebApp SSL Manager will do all the work for you
Give Azure WebApp SSL Manager a try, check out the GitHub repo now!
How it works - some details
The main tasks performed are:
- Order/Renewal of SSL certificates from Let's Encrypt free trusted CA
- Validation of the order using Azure DNS TXT record
- Download of the certificates and save them on Azure Blob Storage
- Installation of the certificates on Azure App Service Web App or Function App
- Association of the certificates to the Web App or Function App hostname bindings
Let's talk technical
The project is written in .NET Core 3.1 (Porting to .NET 5 is in progress and pending full support by Azure Functions) and can be hosted on either Azure Functions (Windows) or Azure Functions (Linux).
The deployment can be done:
- Manually, downloading the source files and building/publishing it
- Automatically, via ARM, using the PowerShell script provided
- Automatically, via ARM, using the Azure CLI with the bash script provided
- Automatically, via ARM, using the Azure CLI with the cmd script provided
- Automatically, via ARM, using the Wizard provided
Conclusion
Check out the project's GitHub repo, try it out and let me know what you think!
Remember to star the repo and follow me on GitHub as well.
Top comments (6)
In appproperties.json, From where can I get value for "AzureDnsZoneName" and "AzureDnsResGroup"? I do not have DnsZone resource in my azure portal.
One of the prerequisites for using this Function is that the domain you are trying to create SSL Certificates for is managed via Azure DNS.
If you don't have Azure DNS setup yet, then you'd need to set that up first, then manage your Domain's DNS with that, and finally set up the Azure WebApp SSL Manager Function :)
Davide thanks for quick response. Can you please provide basic steps to configure DNS zone?
I have performed the following steps:
1) Created DNS Zone in azure.
2) Added TXT and CNAME record which I got from my azure app service.
3) Now I am running azure functions but it is giving an error "authorization must be pending"
No worries.
Unfortunately I can't help, that is not related to the DNS, it is an error returned by the Let's Encrypt service. It happened to me sometimes in the past as well, it has something to do with how they create the orders internally and apparently something fails/has failed...
Troubleshooting that is a nightmare because they do not expose the real reason of the failure, at least I haven't been able to find it anywhere.
I don't remember what worked for me at that time, but I remember checking on their support/community forums and trying a few things directly on their APIs to be able to unblock the status...
I still get this from time to time, but it usually solves itself after some time...
If you're thinking that they have pretty flaky APIs... welcome to the club :)
Sorry that I can't be more helpful 🙏🏻
Thanks for the information. I will post here if I find anything.
Let me know what you think about this project ☺️