Introduction
Securing a web application with an SSL certificate is essential, but it usually costs time and money. We need to create a certificate signing request (CSR) and send it to a certificate provider, who verifies it and sends back the certificate for a fee.
Here we are going to see how to ease this process and get your site secured within a few minutes using “Let’s Encrypt”.
Have the following checklist ready:
- Storage Account connection string
- Resource Group name of App Service and App Service Hosting plan
- AD App client id
- AD App client secret
- Directory ID
- Azure subscription id
Make sure you have sufficient permissions to perform the following operations:
- Create Storage Account
- Create Azure AD App
- Access control management for Resource group where App service is created
- Configuration and Kudu services access for App Service.
Create a Storage Account
- Log in to the Azure Portal and search for Storage accounts in the search bar.
- Create a storage account, choosing the same subscription and resource group that are used for the app service we are going to secure.
- Go to the storage account, choose “Access keys” from the left blade and copy the connection string. You will need this later.
Create Azure AD App
- Log in to the Azure portal and search for “Azure Active Directory” in the search bar.
- Look for “App Registrations” from the left blade and click “App Registrations” from the right-side pane.
- Give the app a meaningful name and choose the account type as single tenant.
- Choose the app type as “Web” and give the redirect URI as your app service URL.
- Once the app is created go to the Overview section and copy the Application ID and Directory ID.
- Now go to “Certificates & Secrets” from the left blade and create a new client secret. Once the secret is created, copy the key right away; you cannot view it later.
- Now go to the resource group where the App Service and App Service plan are created and, using the “Access Control” option, grant Contributor permission to the AD App.
Configure App service
Now it's time to configure the app service with the values captured so far. Open the App Service, look for the configuration section and add the following config settings:
- letsencrypt:ClientId: AD App application ID
- letsencrypt:ClientSecret: AD App client secret
- letsencrypt:ResourceGroupName: Resource group name where the app service is hosted
- (Optional) letsencrypt:ServicePlanResourceGroupName: Resource group name where the App Service plan is hosted
- letsencrypt:SubscriptionId: Your Azure subscription ID
- letsencrypt:Tenant: Directory ID
- AzureWebJobsDashboard: Storage account connection string
- AzureWebJobsStorage: Storage account connection string
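A pre-flight check for these settings, written as an added example (it is not part of the original article or of the Let's Encrypt extension). The setting names are the ones listed above; the function names, the GUID and connection-string checks, and the sample values are assumptions made for illustration.

```python
import re

GUID = re.compile(r"^[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$")
# Setting names come from the article. The shape checks are assumptions:
# Azure application/subscription IDs are GUIDs; storage strings are k=v;k=v.
GUID_KEYS = ("letsencrypt:ClientId", "letsencrypt:SubscriptionId")
TEXT_KEYS = ("letsencrypt:ClientSecret", "letsencrypt:ResourceGroupName", "letsencrypt:Tenant")
STORAGE_KEYS = ("AzureWebJobsDashboard", "AzureWebJobsStorage")


def parse_connection_string(value):
    """Split 'k1=v1;k2=v2' into a dict; values may themselves contain '='."""
    parts = (p.split("=", 1) for p in value.split(";") if p.strip())
    return {p[0].strip(): p[1] for p in parts if len(p) == 2}


def validate_settings(settings):
    """Return a list of problems; an empty list means the settings look sane."""
    problems = []
    for key in GUID_KEYS:
        value = settings.get(key, "").strip()
        if not value:
            problems.append(f"{key}: missing")
        elif not GUID.match(value):
            problems.append(f"{key}: not a GUID")
    for key in TEXT_KEYS:
        if not settings.get(key, "").strip():
            problems.append(f"{key}: missing")
    for key in STORAGE_KEYS:
        fields = parse_connection_string(settings.get(key, ""))
        if not fields.get("AccountName") or not fields.get("AccountKey"):
            problems.append(f"{key}: needs AccountName and AccountKey")
    return problems


# Constructed sample values, not real credentials.
SAMPLE = {
    "letsencrypt:ClientId": "11111111-2222-3333-4444-555555555555",
    "letsencrypt:ClientSecret": "constructed-secret",
    "letsencrypt:ResourceGroupName": "my-resource-group",
    "letsencrypt:SubscriptionId": "my-subscription-name",  # deliberately wrong: a name, not the ID
    "letsencrypt:Tenant": "99999999-8888-7777-6666-555555555555",
    "AzureWebJobsDashboard": "DefaultEndpointsProtocol=https;AccountName=demo;AccountKey=abc==",
    "AzureWebJobsStorage": "DefaultEndpointsProtocol=https;AccountName=demo",  # AccountKey missing
}

if __name__ == "__main__":
    for problem in validate_settings(SAMPLE):
        print(problem)
```

Run it against the values you are about to paste into the App Service configuration, and keep the client secret and connection strings out of source control.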
Now go to Kudu services in the App Service, or go to the URL below:
https://YourAppServiceName.scm.azurewebsites.net/SiteExtensions/#gallery
Go to “Site Extensions” from the top nav, open the Gallery tab, search for Let’s Encrypt and add the extension by clicking the plus button.
Now go to the Installed tab and click the run button. On the page that opens, make sure all the configuration values are correct and click the Next button.
After successful validation, it will list the domains that are mapped to this App Service. Choose the domain you want to secure, enter the communication email address and click “Request and Install certificate”.
Our Azure App Service is secured now! Note that this SSL certificate is valid for only 3 months. After 3 months you need to renew it, and before it expires you will receive a notification at the email address you entered.
Conclusion
I hope this article helps you understand how to secure an Azure App Service with a free SSL certificate. If you have any questions or issues about this article, please let me know in the comments.