Add support for Let's Encrypt in the Azure Portal

Please make it one-button easy to add a "Let's Encrypt" SSL cert to a WebApp.

The request was previously opened here: https://feedback.azure.com/forums/169385-web-apps-formerly-websites/suggestions/6737285-add-support-for-free-ssl-certs-like-those-from-let but was closed with a community solution. The solution works, but isn't as seamless or easy as direct integration to the Azure portal.

The ideal solution was presented by Troy Hunt in a blog post: https://www.troyhunt.com/everything-you-need-to-know-about-loading-a-free-lets-encrypt-certificate-into-an-azure-website/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TroyHunt+%28Troy+Hunt%29

Thanks!

1,947 votes
    Shane Castle shared this idea
    declined  ·  Azure App Service Team (Admin, Microsoft Azure) responded

    Azure App Service provides an ability to use certificates that are being held in Azure Key Vault. We do not want the individual resource providers to separately integrate with CA systems. We are instead trying to build around Azure Key Vault and that is where this integration request should go.
    Instead of moving this item to being under Key Vault, it is instead being closed and left here as a reference. If you do wish to vote up the request to add integration with Let’s Encrypt, please do so with the Key Vault related item: https://feedback.azure.com/forums/170024-additional-services/suggestions/16957756-add-integration-with-let-s-encrypt

    Christina

    22 comments

      • Rajasekharan Vengalil commented

        Azure App Service is a high-level PaaS solution for hosting sites (among other things). The whole point is that one is able to get things done without having to fret about low level details. Let's Encrypt integration fits perfectly into this idea. The request here I believe is to make the integration easy to use (perhaps the way Troy proposes in his blog). Whether it is accomplished with Key Vault or not appears to be implementation detail that your customers should not have to worry about. Do please re-consider. Thanks.

      • MikeB commented

        This is an awful decision. I think most of us were feeling optimistic about the future of Microsoft, but this is a huge step backwards.

      • zmorris commented

        Really, really, really bad idea. Goes against the fundamental principle of the entire Azure tool suite: "Use what you want how you want, we're not the old MS, forcing people into a specific tool stack."

        We've been using KeyVault in other areas for a couple years. It mostly blows.

        Has Scott Hanselman heard about this?

      • Steffen Gammelgård commented

        I actually bought one of those insanely overpriced App Service Certificates...

        It doesn't work, I get a "Guest User Error" when I go to import it to a KeyVault. - their support person wasted my time (3 remote sessions where he just wanted me to run the same PowerShell commands and email him the output.. 3 times... I didn't bother to keep entertaining that idiot.)

        Just make them obsolete already and support a great service that will eventually make the internet a more secure place!

      • Fabrizio commented

        One of the worst decisions by Microsoft I ever saw. Let's Encrypt is a free service able to push up the security level of the whole Internet and Microsoft doesn't understand the value and importance of being part of it.
        Dear Microsoft, take a look at the sponsors page https://letsencrypt.org/sponsors/ and you'll understand that you're making the wrong decision.

      • james commented

        Terrible decision Microsoft. You make enough money, stop trying to push your certs and give us this feature. How is this even going to work on Key Vault? I'll be quite happy if it does, but I don't see this happening.

        Seems as if this was closed without understanding both the necessity, and the reasons why it would be incredibly difficult to implement it on Key Vault, since you need access directly to the web server or the traffic router that sits in front of it.

      • Christian Weiss commented

        Is it even possible to integrate Let's Encrypt with Key Vault, if it doesn't have access to the DNS or the Webserver? How will the validation take place?

        With Let's Encrypt integrated into App Service AND Application Gateway (see related issue https://feedback.azure.com/forums/217313-networking/suggestions/15728205-let-s-encrypt-integration-for-https-certificates ) you would have the "epic" opportunity to make almost every public endpoint of Azure secure by default - this would be a huuuge selling point for Azure.

        It feels like you're clearly missing out on a great opportunity here. :-(

      • Nicolas Cadilhac commented

        This kind of decision makes me seriously think about 1. moving my sites out of Azure, 2. creating new sites out of Azure.

      • Mike Cousins commented

        They're obviously just trying to push their own super expensive SSL certs....

        Horrible decision Microsoft. This would be so much better if it was built into App Service instead of Key Vault.

      • Patrick commented

        This got closed twice now, both times with a huge amount of votes.

        We need to vote again on a third User Voice to have this feature considered?

      • Anonymous commented

        This is becoming more important all the time. I am reluctant to move a lot of sites over to Azure because of the lack of support for Let's Encrypt.

      • zmorris commented

        I would give all ten of my votes for this if I could. My whole team would pool all of our votes and put them toward this if we could.

      • Mark Allan commented

        NB for clarity - the "ideal solution" referred to is the request for a button in the Azure Portal, not all the manual fiddling around that takes up the rest of the post ;)

      • Phil commented

        The other question would have to be why free SSL certs like Let's Encrypt would only be made available to the more costly Basic plans and higher instead of offering for Shared pricing tiers. But that's probably a separate request.

      • Elias Probst commented

        Take a look at Caddy (https://caddyserver.com) as a perfect example of how absolutely painless ACME/TLS support can be done…
        Also make sure to implement generic ACME support, not only ACME tied to Let's Encrypt.

      • Nick Randell commented

        I followed Troy's post, it worked, seemed to be quite a few steps to do, but only took 10 minutes which for a first time through is good. Making it easy to use will be really important.

        How about an Azure version of Let's Encrypt so that it is built into Azure automatically. Maybe throw in HTTP/2 at the same time - ie roll on Server 2016!

      • Patrick commented

        The steps don't look solid. It took me 1 hour, was successful, but I do not trust it (not sure the job will renew...). The number of votes in 2 weeks is +467 votes. I think it's clear that this would be a very favorable solution. Please, do not close it as Community Solution. A lot of people are coming to the cloud to have a part of the setup handled as a service. This would be a great feature and something that everyone doing web will embrace to use.
