Add support for free tls/ssl certificates
I want to create a tls/ssl binding to a custom host-name with a free certificate
Thank you for your feedback. We understand that lack of support for naked domains is limitation. We are working with our partner teams to bring support for naked domains to this feature. You can vote and keep track of the progress here: https://feedback.azure.com/forums/169385-web-apps/suggestions/38981932-add-naked-domain-support-to-app-service-managed-ce.
Also, we are working to bring App Service Managed Certificates to Free and Share tiers. You can vote and keep track of this here: https://feedback.azure.com/forums/169385-web-apps/suggestions/39223321-support-app-service-managed-certificates-on-free-a
Jeff Hansen commented
Great work on the extension, but there is still too much overhead with setting up the Service Principal, so no, it's not "solved", it's more like "this is good enough until we get this implemented natively"
It would be great if web apps had a wizard to request and install certificates directly from let's encrypt when adding a custom domain.
Nik Molnar commented
I've documented this site extension here: https://gooroo.io/GoorooTHINK/Article/16420/Lets-Encrypt-Azure-Web-Apps-the-Free-and-Easy-Way/
The write up gives a little background on Let's Encrypt, and then jumps into a step-by-step guide on how to get Let's Encrypt working on App.
It seems like Amazon just did much better (AWS Certificate Manager), adding pervasive support from provisioning and managing of certificates, to automatic incorporation in load-balancer and CloudFront.
In a somewhat striking contrast, Microsoft is satisfied with declaring the need "community solved"... :(
Great, now please connect with your fellow Azure colleagues, and see what can be done to add pervasive Letsencrypt support across the Azure ecosystem (for VM endpoints, CDN, blob storage, etc.
Jan Hajek commented
There is a site extension available: http://www.siteextensions.net/packages/letsencrypt/
As a developer I would be very interested in this. Please make it happen. Thanks!
Mitch R commented
It's now 2016...
I think MS should start investing a little time in this because it's going to be a big part of the web going forward.
That would be indeed great if there is toolset for automatic certificate renewal also for Azure websites not just Apache.
The request message was malformed :: Error creating new authz :: Name is blacklisted :\ while using letsencrypt on my vm
Geoffrey Huntley commented
It would be pretty amazing to see Azure + Let's Encrypted integrated and Azure completely handle/manage the agent/renewal process.
Felipe Amorim commented
This is a no brainer to provide a great developer experience for azure websites.
Paul Irwin commented
Let's Encrypt is now in Public Beta. It would be good to hear an update on support for this in Azure.
Kristofer Olafsson commented
I also think this would be an Awesome feature. Even if MS rolled something out just like it for Azure sites. You know who I am and all my billing info so why not roll that into a free cert for things running in azure.
Azure Web (and IIS) needs full ACME integration. There should be no need to install or renew certs manually, it should all be automatic.
Let's Encrypt support in Azure should become as easy as ticking a single checkbox. Once set, it should request, install and auto-renew as necessary.
Yes making letsencrypt easy to add to an azure website would be great. I do not have a secured website because it seems like to much of a hassle messing with certs. If you guys could make letsencrypt on azure as easy as a setting to encrypt a site in azure that would be awesome.
Philip Coupar commented
I am happy to split these ideas up but I have recently had to renew a number of certificates on Azure for websites and cloud services.
There needs to be an easy way to see all certificates in a subscription and potentially an alert capability for expiring certificates.
A simple tool to create and apply domain verified certificates and renewals (or automated renewal similar to what has been proposed by Let's Encrypt.
A deeper integration with a provider like godaddy to provide paid for enhanced verification certificates but with the same simple creation and renewal capability.
Azure based tools for pfx creation and/or a secure store for private keys that can help automate the certificate process.
Philip Coupar commented
Support for Let's Encrypt would make it easy for everyone to use SSL on their websites, even if this still required standard.
It would be even better if Azure had it's own CA and was able to distribute and install SSL certificates for custom domains and automate the renewal process (with possible premuim offers for OV or EV certificates)