The fastest way to use Let's Encrypt in Azure

Tatsuro Shibamura ・2 min read

App Service Managed Certificate is a great service, but are you frustrated that you can't issue a certificate for a zone apex or wildcard domain?

I was so frustrated that I created an application that uses Let's Encrypt to easily issue certificates for zone apex and wildcard domains.

It's already available on my personal website (https://shibayan.jp).

For App Service

If you want an easy way to get a Let's Encrypt certificate for your App Service, I recommend Acmebot for App Service.

In particular, the Windows App Service allows certificates to be issued without requiring any special configuration or resources.

shibayan / appservice-acmebot

Automated ACME issuer for Azure App Service (Web Apps / Functions / Containers)

App Service Acmebot

This is an application that automates the issuance and renewal of ACME SSL/TLS certificates for the Azure App Service. We have started to solve the following issues:

  • Support for multiple App Services
  • Easy to deploy and configure
  • Highly reliable implementation
  • Ease of Monitoring (Application Insights, Webhook)

You can manage multiple App Service certificates in a single application.

Announcements

Upgrading to Acmebot v3

https://github.com/shibayan/appservice-acmebot/issues/138

Integration with Key Vault

If you need to use the certificate for a variety of services, consider using the Key Vault version of Acmebot v3.

https://github.com/shibayan/keyvault-acmebot

The Key Vault version can be used with services that support Key Vault certificates such as App Service / Application Gateway / CDN / Front Door.

Feature Support

  • Azure Web Apps and Azure Functions (Windows)
  • Azure Web Apps (Linux) / Web App for Containers (Windows and…

Getting started is not a complicated process.

Use the Deploy to Azure button and the necessary resources will be built automatically.

Setting up Access Control (IAM) can be a bit tricky, but don't worry.

Just add permissions to the resource group where you want to use Let's Encrypt.

[Image: Access Control settings]

Congratulations! Once IAM is configured, you can issue the certificate via the web UI.

For other services

If you need to use Let's Encrypt with an Azure service other than App Service, I recommend using the Key Vault version of Acmebot.

You can issue certificates from Let's Encrypt freely by simply adding the settings of supported DNS providers.

shibayan / keyvault-acmebot

Automated ACME issuer for Azure Key Vault (App Gateway / Front Door / CDN / others)

Key Vault Acmebot

This application automates the issuance and renewal of ACME SSL/TLS certificates. The certificates are stored inside Azure Key Vault. Many Azure services such as Azure App Service, Application Gateway, CDN, etc. are able to import certificates directly from Key Vault.

We have started to address the following requirements:

  • Use the Azure Key Vault to store SSL/TLS certificates securely
  • Centralize management of a large number of certificates using a single Key Vault
  • Easy to deploy and configure solution
  • Highly reliable implementation
  • Ease of Monitoring (Application Insights, Webhook)

Key Vault allows for secure and centralized management of ACME certificates.

Announcements

Upgrade to Acmebot v3

Key Vault Acmebot v3 has been released since December 31, 2019. Users deploying earlier than this are encouraged to upgrade to v3 by following the upgrade process described here:

https://github.com/shibayan/keyvault-acmebot/issues/80

Automate Azure CDN / Front Door certificates deployment

As of August 2020, Azure CDN /…

Integration with Key Vault makes it easy to use Let's Encrypt certificates with services such as Application Gateway and Azure Front Door.

You can create all the resources you need from the Deploy to Azure button just like the App Service version. It's easy.

You will need to set up an additional access policy for the Key Vault, but it's not difficult to do so as long as you follow the README.

Personally, I recommend using the Key Vault version. It can be used with various services such as App Service and Front Door.

Enjoy your Azure Serverless life!

Tatsuro Shibamura

@shibayan

Developer / Microsoft MVP for Microsoft Azure / Windows on ARM Enthusiast
