Free App Service Managed Certificates in Azure

For the last 3 years we used Let’s Encrypt certificates for our user group site. Since there is no direct and easy-to-use solution in Azure, we needed the sjkp plug-in. Unfortunately, that no longer works after we moved from Windows to Linux as the hosting platform and we needed to fall back to a manual process for the renewal of the certificates.

 

App Service Managed Certificate

By coincidence I noticed the option for a managed certificate solution that is free of charge in Azure. I found a few posts and entries in the official documentation that described this feature and I thought that could be a good fit for our site.

We first tried it with other projects that run on subdomains, and it worked like a charm. Quickly done, no problems and free. Great!

 

Create a Managed Certificate

Open the TLS / SSL Settings for your web application in the Azure Dashboard. In the Private Key Certificates (.pfx) section you find the option to create App Service Managed Certificates:

Go to Azure Dashboard / TLS Settings / Private Key Certificates to get the option.

Select your domain and create the certificate:

Use the drop down to select your domain, then hit the create button.

When the certificate is ready, go to the Bindings tab and add a binding for your domain:

Select the domain, the certificate and the type SNI SSL.

Your new certificate should now secure the connection to your web application.

 

Root domains without a subdomain

When we created the managed certificate for the user group site, we could add the www.dnug-bern.ch certificate without a problem, while the certificate for dnug-bern.ch (the plain root domain without the www prefix) did not work. We only ever saw a timeout message.

We reverted back to the Let’s Encrypt certificate, but after a few hours the managed certificate appeared. This showed us two important points you should be aware of:

  1. The managed certificate may need time to show up. Therefore, don’t wait until the last minute of the lifetime of your current certificate to create a managed one.
  2. The Azure Dashboard user interface is broken. If something does not work, close your browser, delete all cookies and temporary data. Then try again and it probably will work.
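A small check for the situation described above, added here as an example and not part of the original post: it fetches the certificate each hostname presents and reports whether it covers that name (a certificate for www does not cover the root domain) and how much validity is left. The hostnames are placeholders and the two-day threshold is an assumption taken from the "a day or two ahead" advice.

```python
import socket
import ssl
from datetime import datetime, timezone

def covers(cert: dict, hostname: str) -> bool:
    """True if a DNS subjectAltName in the certificate matches hostname."""
    host = hostname.lower().rstrip(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pattern = value.lower()
        if pattern == host:
            return True
        # A wildcard covers exactly one left-most label, never the root domain itself.
        if pattern.startswith("*.") and "." in host and host.split(".", 1)[1] == pattern[2:]:
            return True
    return False

def days_left(cert: dict, now: datetime) -> int:
    """Whole days until notAfter (negative once expired)."""
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return int((expires - now.timestamp()) // 86400)

def assess(cert: dict, hostname: str, now: datetime, min_days: int = 2) -> list:
    """Return a list of problems; an empty list means the binding looks healthy."""
    problems = []
    if not covers(cert, hostname):
        problems.append("certificate does not cover " + hostname)
    remaining = days_left(cert, now)
    if remaining < min_days:  # min_days is an assumed threshold, adjust as needed
        problems.append("only %d day(s) of validity left" % remaining)
    return problems

def fetch_cert(hostname: str, port: int = 443, timeout: float = 10.0) -> dict:
    """Fetch the certificate the server presents for hostname via SNI."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # name mismatches are reported by assess() instead
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    for name in ("www.example.org", "example.org"):  # placeholder hostnames
        try:
            issues = assess(fetch_cert(name), name, datetime.now(timezone.utc))
        except OSError as exc:  # timeouts, DNS failures, TLS errors
            issues = ["connection failed: %s" % exc]
        print(name, "OK" if not issues else "; ".join(issues))
```

Run it against both the www name and the root domain before and after switching the binding; an expired or untrusted certificate shows up as a connection failure because chain validation stays enabled.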

 

Conclusion

App Service Managed Certificates in Azure are a great help when everything works as it should. If something goes wrong, you may have a longer downtime of your site than necessary. Therefore, create the managed certificate in advance (a day or two ahead of your change) to prevent such surprises.
