Automating Wildcard SSL Certificates for Azure App Service with WSL & Let’s Encrypt

Introduction

In today’s digital landscape, securing websites with HTTPS is crucial for privacy, security, and even SEO. While Azure App Service offers SSL certificate deployment through its portal, the cost of wildcard certificates that protect multiple subdomains can quickly add up.

In this blog post, we will explore a cost-effective solution using the Let’s Encrypt certificate authority and the Windows Subsystem for Linux (WSL) on your local machine. By leveraging these tools, you can automate the creation and renewal of wildcard SSL certificates for your Azure App Service websites, all without ongoing expenses.

Prerequisites

To follow along with this tutorial, you will need:

  • An Azure subscription with one or more App Service plans
  • The Windows Subsystem for Linux (WSL) installed on your local machine
  • A public domain name configured with a wildcard A record (e.g. *.example.com)

Installing Certbot on WSL

The first step is to install Certbot, the official client for Let’s Encrypt, within your WSL environment. Certbot simplifies the certificate issuing and renewal process.

Open your WSL terminal and run the following commands:

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot

This will install Certbot from the official PPA repository, making it ready for use.

Obtaining a Wildcard Certificate

To obtain a wildcard SSL certificate for your domain, run the following Certbot command:

certbot certonly --manual --preferred-challenges dns -d '*.example.com'

Certbot will guide you through adding a TXT record to your domain’s DNS configuration to verify domain ownership. It will provide the record name and value.

Log in to your domain registrar or DNS provider and add the indicated TXT record. Once completed, return to the Certbot prompt and type “y” to proceed.

Certbot will then request the certificate from Let’s Encrypt. If the DNS verification is successful, the certificate will be issued and saved to your system.

With this wildcard certificate, you can secure multiple subdomains like api.example.com, admin.example.com, and more.

Configuring Azure Apps to Use the Certificate

Now that we have the wildcard certificate locally, we need to configure our Azure App Service apps to utilize it.

First, upload the certificate files (e.g., .pem, .key) to your Azure Storage account. Then, in the Azure Portal, navigate to your App Service app and access the TLS/SSL settings.

Click on “Custom domain SSL (upload certificate)” and select the certificate files from storage. Don’t forget to choose the private key file as well.

Once uploaded, your app will be set up to use SSL and serve content over HTTPS using the new wildcard certificate. Repeat this process for any other apps under the same domain.

Automating Renewals

Let’s Encrypt certificates are valid for 90 days, so they must be renewed automatically before they expire. Certbot handles this with the “renew” subcommand.

certbot renew --dry-run

Executing this command performs a test renewal without modifying any files. To actually renew, remove the “--dry-run” option.

We can schedule this renewal as a cron job to run automatically every month. On Ubuntu/Linux, edit the crontab.

crontab -e

Add the following line:

0 0 1 * * certbot renew >> /path/to/log/file 2>&1

This configuration will run Certbot renew on the 1st of every month at midnight, ensuring the certificates are always up to date without manual intervention.

The renewed certificates will overwrite the existing files, enabling your Azure apps to continue using the latest valid certificate without any configuration changes on your end.
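To make the monthly cron run push each renewed certificate into App Service as well, a certbot deploy hook can package the new files as a PFX and upload it with the Azure CLI. The script below is an added example, not code from the original post; it assumes the Azure CLI is installed and logged in inside WSL, that openssl is available, and that RESOURCE_GROUP and APP_NAMES are placeholders you replace with your own resource group and app names.

```shell
#!/bin/sh
# Added example: a certbot --deploy-hook that bundles the renewed wildcard
# certificate into a PFX and uploads/binds it on each Azure App Service app.
# Assumptions: az CLI is logged in, openssl is on PATH, and the two variables
# below are placeholders for your own resource group and app names.
set -eu

RESOURCE_GROUP="${RESOURCE_GROUP:-my-rg}"        # placeholder
APP_NAMES="${APP_NAMES:-api-app admin-app}"      # placeholders, space-separated

# Certbot exports RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/example.com);
# the PFX is written next to the PEM files, named after the lineage.
pfx_path_for() {
    printf '%s/%s.pfx' "$1" "$(basename "$1")"
}

# Random one-off export password: the PFX carries the private key, so it
# must never be uploaded unprotected. 24 random bytes -> 32 base64 chars.
random_password() {
    openssl rand -base64 24 | tr -d '\n'
}

# Bundle privkey + fullchain into a PFX readable only by the current user.
# The explicit PBE/MAC options select the conservative PKCS#12 encoding that
# Azure's importer accepts; newer OpenSSL defaults have caused upload failures.
make_pfx() {
    lineage="$1"; password="$2"; out="$(pfx_path_for "$lineage")"
    umask 077
    openssl pkcs12 -export -inkey "$lineage/privkey.pem" -in "$lineage/fullchain.pem" \
        -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -macalg sha1 \
        -out "$out" -passout "pass:$password"
    printf '%s' "$out"
}

# Upload to each app and bind it by thumbprint as an SNI binding.
deploy_to_apps() {
    pfx="$1"; password="$2"
    for app in $APP_NAMES; do
        thumb="$(az webapp config ssl upload --resource-group "$RESOURCE_GROUP" \
            --name "$app" --certificate-file "$pfx" \
            --certificate-password "$password" --query thumbprint -o tsv)"
        az webapp config ssl bind --resource-group "$RESOURCE_GROUP" --name "$app" \
            --certificate-thumbprint "$thumb" --ssl-type SNI
    done
}

# Only act when certbot invokes us as a deploy hook (RENEWED_LINEAGE is set).
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    pw="$(random_password)"
    deploy_to_apps "$(make_pfx "$RENEWED_LINEAGE" "$pw")" "$pw"
fi
```

Wire it in with certbot renew --deploy-hook /path/to/this-script.sh in the cron line; note that certbot can only renew a --manual DNS certificate unattended when a --manual-auth-hook that creates the TXT record at your DNS provider is also supplied.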

Conclusion

By leveraging the power of Let’s Encrypt and WSL, you can automate the issuance and renewal of free wildcard SSL certificates for multiple Azure App Service websites and subdomains. This approach saves significant costs compared to purchasing and renewing individual certificates through the Azure Portal.

Make sure to regularly check the log files to ensure the monthly cron jobs run successfully. With this setup, your apps can always serve content over HTTPS securely, without any ongoing expenses.

If you have any further questions, feel free to reach out to us!

About Skrots

Skrots is a leading provider of advanced software solutions. We offer a wide range of services, including web development, mobile app development, cloud solutions, and more. With our expertise, we can help you achieve your digital goals and enhance your online presence. Visit Skrots to learn more about our company.

Additionally, check out our extensive range of services at Skrots Services to explore how we can assist you in various domains.

For more informative articles and insights, visit our Blog at Skrots.

Thank you for reading!
