There are various let’s encrypt computerized instruments for azure however I additionally wished to see if I may use certbot in wsl to generate a wildcard certificates for the azure Friday web site after which add the ensuing certificates to azure app service.
Azure app service in the end wants a selected format referred to as dot PFX that features the total certificates path and all intermediates.
Per the docs, App Service non-public certificates should meet the next necessities:
- Exported as a password-protected PFX file, encrypted utilizing triple DES.
- Incorporates non-public key not less than 2048 bits lengthy
- Incorporates all intermediate certificates and the basis certificates within the certificates chain.
In case you have a PFX that does not meet all these necessities you may have Home windows reencrypt the file.
I take advantage of WSL and certbot to create the cert, then I import/export in Home windows and add the ensuing PFX.
Inside WSL, set up certbot:
sudo apt replace
sudo apt set up python3 python3-venv libaugeas0
sudo python3 -m venv /decide/certbot/
sudo /decide/certbot/bin/pip set up --upgrade pip
sudo /decide/certbot/bin/pip set up certbot
Then I generate the cert. You will get a pleasant textual content UI from certbot and replace your DNS as a verification problem. Change this to verify it is two traces, and your domains and subdomains are appropriate and your paths are appropriate.
sudo certbot certonly --manual --preferred-challenges=dns --email [email protected]
--server https://acme-v02.api.letsencrypt.org/listing
--agree-tos --manual-public-ip-logging-ok -d "azurefriday.com" -d "*.azurefriday.com"
sudo openssl pkcs12 -export -out AzureFriday2023.pfx
-inkey /and so forth/letsencrypt/reside/azurefriday.com/privkey.pem
-in /and so forth/letsencrypt/reside/azurefriday.com/fullchain.pem
I then copy the ensuing file to my desktop (examine your desktop path) so it is now within the Home windows world.
sudo cp AzureFriday2023.pfx /mnt/c/Customers/Scott/OneDrive/Desktop
Now from Home windows, import the PFX, be aware the thumbprint and export that cert.
Import-PfxCertificate -FilePath "AzureFriday2023.pfx" -CertStoreLocation Cert:LocalMachineMy
-Password (ConvertTo-SecureString -String 'PASSWORDHERE' -AsPlainText -Pressure) -ExportableExport-PfxCertificate -Cert Microsoft.PowerShell.SecurityCertificate::LocalMachineMy597THISISTHETHUMBNAILCF1157B8CEBB7CA1
-FilePath 'AzureFriday2023-fixed.pfx' -Password (ConvertTo-SecureString -String 'PASSWORDHERE' -AsPlainText -Pressure)
Then add the cert to the Certificates part of your App Service, underneath Convey Your Personal Cert.
Then underneath Customized Domains, click on Replace Binding and choose the brand new cert (with the newest expiration date).
Subsequent step is to make this much more computerized or choose a extra automated resolution however for now, I will fear about this in September and it solved my costly Wildcard Area problem.
About Scott
Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, guide, father, diabetic, and Microsoft worker. He’s a failed stand-up comedian, a cornrower, and a ebook writer.
