Monday, April 15, 2024
HomeSoftware DevelopmentUtilizing WSL and Let's Encrypt to create Azure App Service SSL Wildcard...

Utilizing WSL and Let’s Encrypt to create Azure App Service SSL Wildcard Certificates



There are a lot of let’s encrypt automated instruments for azure however I additionally needed to see if I might use certbot in wsl to generate a wildcard certificates for the azure Friday web site after which add the ensuing certificates to azure app service.

Azure app service in the end wants a particular format known as dot PFX that features the total certificates path and all intermediates.

Per the docs, App Service personal certificates should meet the next necessities:

  • Exported as a password-protected PFX file, encrypted utilizing triple DES.
  • Comprises personal key no less than 2048 bits lengthy
  • Comprises all intermediate certificates and the foundation certificates within the certificates chain.

In case you have a PFX that does not meet all these necessities you’ll be able to have Home windows reencrypt the file.

I exploit WSL and certbot to create the cert, then I import/export in Home windows and add the ensuing PFX.

Inside WSL, set up certbot:

sudo apt replace
sudo apt set up python3 python3-venv libaugeas0
sudo python3 -m venv /choose/certbot/
sudo /choose/certbot/bin/pip set up --upgrade pip

Then I generate the cert. You will get a pleasant textual content UI from certbot and replace your DNS as a verification problem. Change this to ensure it is two strains, and your domains and subdomains are right and your paths are right.

sudo certbot certonly --manual --preferred-challenges=dns --email YOUR@EMAIL.COM   
--server https://acme-v02.api.letsencrypt.org/listing
--agree-tos --manual-public-ip-logging-ok -d "azurefriday.com" -d "*.azurefriday.com"
sudo openssl pkcs12 -export -out AzureFriday2023.pfx
-inkey /and many others/letsencrypt/dwell/azurefriday.com/privkey.pem
-in /and many others/letsencrypt/dwell/azurefriday.com/fullchain.pem

I then copy the ensuing file to my desktop (verify your desktop path) so it is now within the Home windows world.

sudo cp AzureFriday2023.pfx /mnt/c/Customers/Scott/OneDrive/Desktop

Now from Home windows, import the PFX, word the thumbnail and export that cert.

Import-PfxCertificate -FilePath "AzureFriday2023.pfx" -CertStoreLocation Cert:LocalMachineMy 
-Password (ConvertTo-SecureString -String 'PASSWORDHERE' -AsPlainText -Power) -Exportable

Export-PfxCertificate -Cert Microsoft.PowerShell.SecurityCertificate::LocalMachineMy597THISISTHETHUMBNAILCF1157B8CEBB7CA1
-FilePath 'AzureFriday2023-fixed.pfx' -Password (ConvertTo-SecureString -String 'PASSWORDHERE' -AsPlainText -Power)

Then add the cert to the Certificates part of your App Service, below Carry Your Personal Cert.

Custom Domains in Azure App Service

Then below Customized Domains, click on Replace Binding and choose the brand new cert (with the most recent expiration date).

image

Subsequent step is to make this much more automated or choose a extra automated answer however for now, I am going to fear about this in September and it solved my costly Wildcard Area situation.




About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, guide, father, diabetic, and Microsoft worker. He’s a failed stand-up comedian, a cornrower, and a guide writer.

facebook
twitter
subscribe
About   E-newsletter

Internet hosting By
Hosted in an Azure App Service










RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Most Popular

Recent Comments