SSL Azure WebApp Certificate Generator
This extension lets you generate a Let's Encrypt SSL certificate and bind it to a custom domain on your web app for free.
For whom
It is for users who run multiple Azure WebApps with custom domains and want SSL certificates bound to those domains automatically and at no cost.
Requirements
- Azure WebApp Service
- Azure Devops
Usage
Add the SSL Azure WebApp Certificate Generator task to an agent job in your pipeline configuration. To set it up, your Azure subscription must be attached to your Azure DevOps instance.
Next, fill in the form. The steps are:
- Select the attached Azure subscription
- Select the App Service name of your website
- Select its resource group name
- Select the domain name you would like to attach the certificate to
- Enter the issuer email; Let's Encrypt uses it to identify the user requesting the certificate
- Set the public files root path on the web app. For a regular .NET application with standard configuration it is the root folder: /
- Add a certificate password; it is used when generating the PFX file
Internally the extension uses the HTTP challenge validation method: the Let's Encrypt certificate issuer requests a specific path on your website to verify that you own it and have access to it. That path is /.well-known/acme-challenge/, and you have to make sure your application lets Let's Encrypt read files under it. For the hostname domain.example such a URL might look like http://domain.example/.well-known/acme-challenge/ijRKhaZmu4hyrRmY1ujbTP4CQOHTJPav23dsoAe6Sxk.
For .NET applications, depending on your configuration, you may have to create a .well-known directory in the root of your public path and add the following web.config file there so the generated files are accessible:
<?xml version="1.0"?>
<configuration>
  <system.web>
    <!-- Make directory public. Allow anonymous users access to everything in this directory. -->
    <authorization>
      <allow users="*"/>
    </authorization>
  </system.web>
  <system.webServer>
    <!-- Directory only contains plain text files. -->
    <staticContent>
      <mimeMap fileExtension=".*" mimeType="text/plain" />
    </staticContent>
    <!-- Only static files are allowed, so remove everything but the StaticFile handler. This also solves the issue with extensionless files returning a 404 Page Not Found. -->
    <handlers>
      <clear />
      <add name="StaticFile" path="*" verb="*" type="" modules="StaticFileModule,DefaultDocumentModule,DirectoryListingModule" scriptProcessor="" resourceType="Either" requireAccess="Read" allowPathInfo="false" preCondition="" responseBufferLimit="4194304" />
    </handlers>
  </system.webServer>
</configuration>
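The validation only succeeds if the web app actually serves static, extensionless files under /.well-known/acme-challenge/ over plain HTTP. The following pre-flight check is an added example, not code from the extension or its documentation: you place a constructed test file with a known body at that path (for instance through your normal deployment), then run the check against the public hostname. It also probes a random non-existent name, because an application that answers every URL with a 200 HTML page (default document, SPA fallback, custom error page) masks a missing challenge file and makes validation fail. The hostname, token and file body in the usage line are hypothetical.

```python
"""Added example (not part of the extension): pre-flight check that a web app
serves files under /.well-known/acme-challenge/ the way the HTTP challenge
validation expects. Place a constructed test file at that path first."""
import secrets
import urllib.error
import urllib.request

ACME_PATH = "/.well-known/acme-challenge/"


def http_fetch(url, timeout=10):
    """Default fetcher: GET the URL and return (status, content_type, body).
    Redirects are followed, as the Let's Encrypt validator also follows them."""
    req = urllib.request.Request(url, headers={"User-Agent": "acme-preflight-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", "replace")
            return resp.status, resp.headers.get("Content-Type", ""), body
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Content-Type", ""), ""


def check_acme_path(hostname, token, expected_body, fetch=http_fetch):
    """Return a list of findings for the challenge path; an empty list means it is usable.

    token / expected_body describe the constructed test file you placed on the app.
    fetch is injectable so the logic can be exercised with a fake fetcher."""
    findings = []
    url = f"http://{hostname}{ACME_PATH}{token}"
    status, content_type, body = fetch(url)
    if status != 200:
        findings.append(f"{url} returned HTTP {status}; the validator needs 200")
    elif body.strip() != expected_body:
        # 200 with the wrong body usually means a default document, SPA fallback or
        # error page answers instead of the static file.
        findings.append(f"{url} returned 200 but the body does not match the test file")
    elif not content_type.lower().startswith("text/plain"):
        # Validation compares the body only; a different Content-Type is just a hint
        # that the web.config mapping extensionless files to text/plain did not take effect.
        findings.append(f"{url} served as {content_type!r}, expected text/plain")

    # A name that does not exist must come back 404. If it comes back 200, every
    # request under the path "succeeds" with an HTML page and validation fails anyway.
    missing_url = f"http://{hostname}{ACME_PATH}missing-{secrets.token_urlsafe(16)}"
    status, _, _ = fetch(missing_url)
    if status != 404:
        findings.append(f"{missing_url} returned HTTP {status}, expected 404 (catch-all handler?)")
    return findings


if __name__ == "__main__":
    import sys
    # Hypothetical usage: python acme_preflight.py domain.example test-token test-token-body
    host, tok, expected = sys.argv[1:4]
    problems = check_acme_path(host, tok, expected)
    print("\n".join(problems) or f"{host}: challenge path OK")
    sys.exit(1 if problems else 0)
```

Run it from a machine outside the web app, since the Let's Encrypt validator connects from the internet; a check that passes only from inside the App Service network proves nothing about the path the issuer will take.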
Drawbacks
- Certificates are valid for only 3 months
- In Azure DevOps we cannot schedule certificate generation for a specific timeframe; the schedule is at least once a week or nothing
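Because the schedule can only be weekly and the certificates are short-lived, a practical approach is to let the weekly run start with a check of the certificate currently bound to the hostname and renew only when it is close to expiry. The script below is an added example, not part of the extension: the network call is confined to fetch_not_after(), the decision logic is pure so it can be tested offline, and the 30-day threshold is an assumption chosen so that a few failed or skipped weekly runs still leave time before the certificate expires. The hostname in the usage line is hypothetical.

```python
"""Added example (not part of the extension): decide at the start of the weekly
pipeline run whether the certificate bound to a hostname should be renewed."""
import datetime as dt
import socket
import ssl


def fetch_not_after(hostname, port=443, timeout=10):
    """Connect with TLS and return the notAfter time (UTC) of the served certificate.
    Raises on connection failure, handshake failure or an untrusted chain."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    # getpeercert() returns notAfter as e.g. "Jun  1 12:00:00 2025 GMT"
    seconds = ssl.cert_time_to_seconds(cert["notAfter"])
    return dt.datetime.fromtimestamp(seconds, tz=dt.timezone.utc)


def days_remaining(not_after, now):
    """Fractional days between now and not_after (negative once expired)."""
    return (not_after - now).total_seconds() / 86400.0


def should_renew(not_after, now, threshold_days=30):
    """True when fewer than threshold_days remain. Assumption: with a 3-month
    certificate and a weekly schedule, 30 days tolerates several missed runs."""
    return days_remaining(not_after, now) < threshold_days


def renewal_decision(hostname, now=None, threshold_days=30, fetch=fetch_not_after):
    """Return (renew, days_left). Any TLS failure (no certificate bound yet, expired
    chain, hostname mismatch) is treated as 'renew now' with days_left = None."""
    now = now or dt.datetime.now(dt.timezone.utc)
    try:
        not_after = fetch(hostname)
    except (OSError, ssl.SSLError, KeyError):
        return True, None
    return should_renew(not_after, now, threshold_days), days_remaining(not_after, now)


if __name__ == "__main__":
    import sys
    # Hypothetical usage: python cert_check.py domain.example
    host = sys.argv[1]
    renew, days = renewal_decision(host)
    shown = "unknown" if days is None else f"{days:.1f}"
    print(f"{host}: {'renew' if renew else 'skip'} ({shown} days left)")
    # Azure DevOps logging command: exposes the decision as a pipeline variable
    # that a condition on the certificate task can read.
    print(f"##vso[task.setvariable variable=renewCert]{str(renew).lower()}")
```

Checking the certificate the server actually presents, rather than the date of the last pipeline run, also catches the case where a run reported success but the new certificate was never bound to the domain.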