Are you looking for an employer who cares about you as a person and where you feel involved in everything that concerns
you? Welcome to JellyHive!
Who are we? We are a successful IT consultant company and our philosophy is that the company is our employees.
Who are you? You are a system developer (fullstack, frontend, backend), and/or maybe also a scrum master, test lead, devops etc.
What we offer you Participation in developing the company with generous benefits.
The scenario for this blog post is that you have a Web App in Azure with your own domain that you would like to secure up with https. For simplicity sake, we will say that we have the domainname “yourwebsite.com” and the web app “yourwebsite” aka. “yourwebsite.azurewebsites.net”
Make shure that your web app is in a Web service plan that supports custom domains and SSL/TLS.
Add your custom hostname/-s under “Custom domains”. Preferably you could add both yourwebsite.com and www.yourwebsite.com.
Add A and CNAME records in your DNS.
In this example we have added:
Where 22.214.171.124 is the ip-address for your web app in Azure.
As we will use a site extension called “Azure Let’s Encrypt” to set up and refresh the certificate we need two web jobs,
and these web jobs needs som storage so make shure that you have an Storage Account available as well.
Let’s Encrypts certificates will last only 90 days and you have to refresh them prior to those 90 days. This site extension will do that automatically for you, so you do not need to worry.
Go to the application setting for you web app (yourwebsite) and add two settings; one named “AzureWebJobsStorage” and the other “AzureWebJobsDashboard”. These two shall have the value of the Storage Accounts connection string (Go to the Storage Account > “Access keys” > copy key1 connection string)
As the site extension states:
“The certificate is installed and renewed using the Azure Resource Manager API, because the renewal process should run unattended you need to register an Azure AD service principal that have access to at least the Azure Web App.”
Open Powershell and make shure that you have the Azure Powershell module installed.
If you do not have the Azure Powershell module installed, go here and read more on how to install:
You need to get the following information:
SubscriptionId for the subscription that has your web app (yourwebsite)
Login to your account and subscription:
> Login-AzureRmAccount -SubscriptionId SUBSCRIPTION_ID
Register some variables that will be used:
> $uri = 'http://yourwebsite.com' > $SecurePassword=ConvertTo-SecureString 'SECRETPASSWORD' –asplaintext –force > $app = New-AzureRmADApplication -DisplayName PreserveTime -HomePage $uri -IdentifierUris $uri -Password $SecurePassword
Since New-AzureRmADApplication needs a secure string, we convert our password to that. Later on we will need the password and at that point we will use the password as stated above in clear text, not as a secure string.
Create an service principal in Active Directory:
> New-AzureRmADServicePrincipal -ApplicationId $app.ApplicationId
Assign the contributor role to the service principal
>New-AzureRmRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $app.ApplicationId
You will need the appId (also called later on, ClientId)
Now it’s time to insta the Azure Let’s Encrypt site extension.
After the installation of the extension has finnished, restart your web app by stopping and starting it. After the restart has finished, click the “Launch”-button on the extension (looks like a play button).
At a first glance, the Authentication Settings page could look a bit daunting, but fear not. If you have successfully finnished the previous steps, this part will not be that hard.
Begin with adding these six application settings to your web app:
|App settings name||Value|
|letsencrypt:Tenant||A GUID for your directory|
|letsencrypt:SubscriptionId||The web apps subscription Id. Could be found on the web apps “Overview”-tab|
|letsencrypt:ClientId||The AppId for the Azure Ad application you created in the beginning|
|letsencrypt:ClientSecret||The password you set when creating the Azure AD app|
|letsencrypt:ResourceGroupName||The resource group name where the web app is located|
|letsencrypt:ServicePlanResourceGroupName||The resource group name for the serviceplan that is connected to the web app|
When all the application settings above has been saved, go back to the “Authentication Settings”-page for the site extension and refresh that page.
You will see the form fields updated. Click the “Next”-button.
Inspect that Hostnames, SSL bindings and certificates looks fine. Click the “Next”-button.
Select the hostnames for which you want to request Let’s Encrypt SSL certificates, in our case yourwebsite.com and www.yourwebsite.com.
Enter a email for contact purposes.
Don’t check the UseStaging checkbox.
Click the “Request and Install certificate”-button
Yes, our work is done here. Congratulations!