Lets encrypt
No edit summary
No edit summary
Line 1: Line 1:
Let's encrypt issues free shortlived SSL certs - you can set up azure to renew them automatically:
Lets encrypt issues free shortlived SSL certs - you can set up Azure to renew them automatically:


<nowiki>https://www.hanselman.com/blog/SecuringAnAzureAppServiceWebsiteUnderSSLInMinutesWithLetsEncrypt.aspx</nowiki>
https://www.hanselman.com/blog/SecuringAnAzureAppServiceWebsiteUnderSSLInMinutesWithLetsEncrypt.aspx  


Let's encrypt:
Lets encrypt:


# Add custom domain to your App
# Add a custom domain to your App
# Add or reuse a storage account and copy the connectionstring for use in step 6  (the lets encrypt extension store data here)
# Add or reuse a storage account and copy the connectionstring for use in step 6  (the lets encrypt extension stores data here)
# Azure AD , App reg:  xxxxLetsEncrypt
# Azure AD , App reg:  xxxxLetsEncrypt
## remember AppId: xxxxxxxx
## Remember AppId: xxxxxxxx
# Add secret - name it login  yyyyyyyy
# Add secret - name it login  yyyyyyyy
# Resource group running xxx, AccessControl, add permission, contributor , your app xxxLetsEncrypt should be contributor
# Resource group running xxx, AccessControl, add permission, contributor, your app xxxLetsEncrypt should be a contributor
# Go to the app service in azure portal xxx, Extensions, Azure Lets Encrypt, you must add connection strings in setting
# Go to the app service in Azure portal xxx, Extensions, Azure Lets Encrypt, you must add connection strings in setting
## AzureWebJobsDashboard
## AzureWebJobsDashboard
## AzureWebJobsStorage  , both with the same valeu: connection string to your storage account
## AzureWebJobsStorage, both with the same value: connection string to your storage account
# Configure extension  <nowiki>http://YOURSITENAME.scm.azurewebsites.net/LetsEncrypt</nowiki>
# Configure extension  <nowiki>http://YOURSITENAME.scm.azurewebsites.net/LetsEncrypt</nowiki>
## ...follow the guide/next - you get a box with your domain names, select one +request and install, repeat, ->  you now have certs
## ...follow the guide/next - you get a box with your domain names, select one +request and install, repeat, ->  you now have certs
# Go back to the app and use them on your custom domains, turn on always SSL.
# Go back to the app and use them on your custom domains, turn on always SSL.
[[Category:Security]]
[[Category:Security]]

Revision as of 06:01, 22 March 2023

Lets encrypt issues free shortlived SSL certs - you can set up Azure to renew them automatically:

https://www.hanselman.com/blog/SecuringAnAzureAppServiceWebsiteUnderSSLInMinutesWithLetsEncrypt.aspx

Lets encrypt:

  1. Add a custom domain to your App
  2. Add or reuse a storage account and copy the connectionstring for use in step 6 (the lets encrypt extension stores data here)
  3. Azure AD , App reg:  xxxxLetsEncrypt
    1. Remember AppId: xxxxxxxx
  4. Add secret - name it login  yyyyyyyy
  5. Resource group running xxx, AccessControl, add permission, contributor, your app xxxLetsEncrypt should be a contributor
  6. Go to the app service in Azure portal xxx, Extensions, Azure Lets Encrypt, you must add connection strings in setting
    1. AzureWebJobsDashboard
    2. AzureWebJobsStorage, both with the same value: connection string to your storage account
  7. Configure extension  http://YOURSITENAME.scm.azurewebsites.net/LetsEncrypt
    1. ...follow the guide/next - you get a box with your domain names, select one +request and install, repeat, ->  you now have certs
  8. Go back to the app and use them on your custom domains, turn on always SSL.
This page was edited more than 11 months ago on 02/10/2024. What links here