Let’s Encrypt is a new free to use Certificate Authority, in public beta, that is on a mission to provide free SSL certificates to all web sites. Obviously, that requires some rethinking of how certificates are issues, as it otherwise would be impossible to accomplish their goal of HTTPS to be the default.
28-02-2016: Please use my Site Extension instead that is a better approach, you can read more about it here.
The way letsencrypt isseues certificates are fully automated via the protocol ACME (Automated Certificate Management Environment) developed for the purpose. So in order to get at certificate from letsencrypt you must have an ACME client that can request a certificate and renew it. Note the renewal process is more important now, as letsencrypt only issues certificates that are valid for 3 months in order to encourage automation of the request and renewal process.
Lets encrypts main focus during development have been Linux environments, but a C# implementation of the protocol have been implemented ACMESharp. Letsencrypt-Win-Simple
is a simple console application built on top of that library that can be used to setup LetsEncrypt certificates on IIS servers.
Lone-Coder’s letsencrypt-win-simple, can be extended with plugins for issuing certificates for other hosting platforms. Since I learned about letsencrypt back in October I have been eagerly waiting to take advantage of it on my Azure Websites. I have been looking for someone to do a Azure friendly ACME client, unfortunately I haven’t seen one yet, and a twitter discussion with some fellow Danish Azure devs, encouraged me to see if I could do a plugin for letsencrypt-win-simple that will make it easy to use letsencrypt certificate on Azure Web Apps.
I succeeded! It created a plugin for letsencrypt-win-simple that will let you: request a certificate from letsencrypt, place the needed signature files on an azure web app and, install and setup the SSL certificate in your web app. Currently the plugin must be run manually, and does use the windows certificate store on the machine it is running from (so it is not ready to be run from Azure Web Sites in a fully automated manner) but hopefully, I can get those obstacles out of the way or someone else can. My code is placed on github, https://github.com/sjkp/letsencrypt-win-simple.
The process of installing a letsencrypt issued SSL certificate on an azure web app with the tool are as follows, in the example I generate SSL certificate for one of my websites, www.schdo.com
Type w to generate a certificate for an Azure Web Sites
A pop up will show up asking you to sign in, with a Work or School account (note you cannot use a Live Account, as it doesn’t work with Azure Resource Manager that the plugin uses).
If you pay attention you will see that the title is Microsoft Azure PowerShell, the reason for that is that I just used the Client Id for the Azure PowerShell client library because it exists in all Azure Tenants.
Next you will have to select which subscription your web sites resides in. (Many people might only have one, but if you have more, this step is where you select the right subscription).
Next up is the selection of resource group.
When the resource group is selected select the site whinin it.
Once the site is selected you have to type in the hostname you want the SSL certificate to be issued to. In my case www.schdo.com, note I have already setup the DNS and assigned the hostname to the web app (the tool will not do that for you). Read here how to setup a custom domain for Azure Web App.
Next you enter a local temp folder that the ACME signature file will be written to, before it is uploaded to the web app.
Now it just a matter of waiting while the tool does its work. Once it is done, you site should have a SSL certificate installed, and the certificate should be assigned to the hostname you specified.
It should look like this in the azure portal.
i cant find the letsencrypt.exe in ur githud link
can you plz mail me the content to my mail address
Hi Simon, thanks for helping to make this process easier.
After I enter my email for the subscription (a non live.com email) the client.Subscriptions.List() returns null and the shell is stuck waiting for me to select a host. Any ideas as to why an account wouldn’t return it’s subscriptions? I do have web apps etc. running in the account.
Too bad this doesn’t work with Live accounts. I would have found it really useful 🙂
really useful information, bookmarked and will be implementing shortly – thank you
Hi draviya – you have to build it yourself, until the pull request gets accepted.
Is you email ending with onmicrosoft.com or a domain registed with the AD tenant you are using? It has to be a work or school account, should have this symbol
Hi Samon, thanks for you work
I have some problems on trying with this approach
Does it work with [email protected] and free trial subscription? If no, is there any way to generate an certificate for Azure service for testing purpose?
Thanks a lot
Nope, it’s just a regular live account. My MSDN is registered with my private email address.
Hey good work. But i saw this other alternative that seems more clean via Azure Websites Extensions, thought i would share here for others researching too.
Hi Rui – that is actually my extension, this post was actually my prototype before creating the extension 🙂