Add support for free SSL certs like those from Let's Encrypt
Now that the EFF and Mozilla are backing the Let's Encrypt project to provide everyone free SSL certs, it would be great if you would permit free usage of SSL certs on Azure Websites.
Here is some additional info to the WebJob @OhadSchneider posted below.
This is a WebJob-ready console application for renewing Azure Web App TLS/SSL certificates (based on letsencrypt-siteextension).
• Install on any Web App (unlike the extension, doesn’t have to be the same web app for which you want to manage SSL certs).
  o Publishing with “Delete Existing files” has no effect when the WebJob is deployed to a different (preferably dedicated) Web App (doing this with the extension would silently delete its renewal WebJob – by far its biggest issue IMO).
  o Multiple Web App management is supported (compared to the extension, which you’d have to install on each and every Web App you own and manage separately).
• E-mail notifications are built in (via SendGrid).
• No external dependencies other than Let’s Encrypt (the extension relies on an Azure Storage account which has to be both alive and configured in a certain way; if not, renewal will fail).
• Can be executed as a plain command-line tool from any environment, e.g. a CI system (the extension can only be executed as a WebJob in the context of a Web App).
Thank you Ohad for the summary and sharing your solution!
It would be great if web apps had a wizard to request and install certificates directly from Let's Encrypt when adding a custom domain.
Nik Molnar commented
I've documented this site extension here: https://gooroo.io/GoorooTHINK/Article/16420/Lets-Encrypt-Azure-Web-Apps-the-Free-and-Easy-Way/
The write-up gives a little background on Let's Encrypt, and then jumps into a step-by-step guide on how to get Let's Encrypt working on App.
It seems like Amazon just did much better (AWS Certificate Manager), adding pervasive support from provisioning and managing of certificates, to automatic incorporation in load-balancer and CloudFront.
In a somewhat striking contrast, Microsoft is satisfied with declaring the need "community solved"... :(
Great, now please connect with your fellow Azure colleagues, and see what can be done to add pervasive Letsencrypt support across the Azure ecosystem (for VM endpoints, CDN, blob storage, etc.).
Jan Hajek commented
There is a site extension available: http://www.siteextensions.net/packages/letsencrypt/
As a developer I would be very interested in this. Please make it happen. Thanks!
Mitch R commented
It's now 2016...
I think MS should start investing a little time in this because it's going to be a big part of the web going forward.
That would indeed be great if there is a toolset for automatic certificate renewal also for Azure websites, not just Apache.
The request message was malformed :: Error creating new authz :: Name is blacklisted :\ while using letsencrypt on my vm
Geoffrey Huntley commented
It would be pretty amazing to see Azure + Let's Encrypt integrated and Azure completely handle/manage the agent/renewal process.
Felipe Amorim commented
This is a no-brainer to provide a great developer experience for Azure websites.
Paul Irwin commented
Let's Encrypt is now in Public Beta. It would be good to hear an update on support for this in Azure.
Kristofer Olafsson commented
I also think this would be an Awesome feature. Even if MS rolled something out just like it for Azure sites. You know who I am and all my billing info so why not roll that into a free cert for things running in azure.
Azure Web (and IIS) needs full ACME integration. There should be no need to install or renew certs manually, it should all be automatic.
Let's Encrypt support in Azure should become as easy as ticking a single checkbox. Once set, it should request, install and auto-renew as necessary.
Yes, making letsencrypt easy to add to an Azure website would be great. I do not have a secured website because it seems like too much of a hassle messing with certs. If you guys could make letsencrypt on Azure as easy as a setting to encrypt a site in Azure, that would be awesome.
Philip Coupar commented
I am happy to split these ideas up but I have recently had to renew a number of certificates on Azure for websites and cloud services.
There needs to be an easy way to see all certificates in a subscription and potentially an alert capability for expiring certificates.
A simple tool to create and apply domain verified certificates and renewals (or automated renewal similar to what has been proposed by Let's Encrypt).
A deeper integration with a provider like GoDaddy to provide paid-for enhanced verification certificates but with the same simple creation and renewal capability.
Azure based tools for pfx creation and/or a secure store for private keys that can help automate the certificate process.
Philip Coupar commented
Support for Let's Encrypt would make it easy for everyone to use SSL on their websites, even if this still required standard.
It would be even better if Azure had its own CA and was able to distribute and install SSL certificates for custom domains and automate the renewal process (with possible premium offers for OV or EV certificates).