Before we start, let's make sure we are all on the same page: you already have an App Service running on Azure, you have a domain registered, and you know how to manage its DNS records. Certbot is primarily a Linux tool, so I ran the whole setup through WSL2; if you don't have a working WSL2 setup yet, please refer to the official documentation: Install Windows Subsystem for Linux (WSL) on Windows 10 | Microsoft Docs
Now that we are ready, I start a new shell in WSL2 and install Certbot. Even though the official documentation recommends installing it via snap, you can still use apt-get under Ubuntu. Running snap inside WSL2 can lead to problems, so I recommend apt-get (the apt package is older than the snap release, which is fine for a manual DNS challenge):
sudo apt-get install certbot
Now we can run Certbot. We use manual mode with the DNS challenge, because we are not running this request from the App Service itself, so an HTTP challenge could not be answered there; a TXT record in DNS proves control of the name instead.
sudo certbot certonly --manual --preferred-challenges dns
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c' to cancel): multiplayer.cloud www.multiplayer.cloud
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for multiplayer.cloud
dns-01 challenge for www.multiplayer.cloud
Certbot now asks you to create one DNS TXT record per name you want to validate; the www name gets its own record, _acme-challenge.www.multiplayer.cloud. Add the requested name and value at your DNS provider and wait until the record is actually visible from public resolvers before you press Enter (for example, check with dig +short TXT _acme-challenge.multiplayer.cloud). Certbot validates only once, so a record that has not propagated yet fails the challenge and you have to start the request over.
Please deploy a DNS TXT record under the name _acme-challenge.multiplayer.cloud with the following value:
After a successful validation you have the certificate, the chain and the private key in /etc/letsencrypt/live/DOMAIN (cert.pem, chain.pem, fullchain.pem and privkey.pem; these are symlinks to the newest files under /etc/letsencrypt/archive). App Service expects a PFX (PKCS#12) file that contains the private key together with the full chain, so we generate one with OpenSSL. Set an export password when OpenSSL asks for it; the App Service upload dialog asks for the same password. The live directory is only readable by root, so we switch to a root shell first.
sudo -i
cd /etc/letsencrypt/live/multiplayer.cloud/
openssl pkcs12 -export -out multiplayer.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem
Now we copy the .PFX file somewhere we can reach it from Windows; run the copy from the directory you want the file in, for example your Windows user profile under /mnt/c/Users/<you>, which is visible in Explorer. The file contains the private key, so keep it out of shared folders and delete it once it is uploaded.
sudo cp /etc/letsencrypt/live/multiplayer.cloud/multiplayer.pfx multiplayer.pfx
Now we can upload the certificate in our App Service under TLS/SSL settings (Upload Certificate, entering the export password) and add it as an SNI SSL binding to our custom domain.
And this is all you need to do to get this running manually. Keep in mind that Let's Encrypt certificates are valid for 90 days and a certificate issued with --manual does not renew itself, so you will repeat these steps (new TXT record, new PFX, new upload) before it expires.
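The steps above, wrapped into shell functions that check the things a manual run can get wrong: waiting for the TXT record to propagate before pressing Enter, building the PFX with a password and the full chain, verifying the PFX opens, and checking how long the certificate is still valid. This is an added example, not code from the original post; the function names, the 8.8.8.8 resolver, the placeholder password and the pinned 3DES/SHA-1 PKCS#12 algorithms are assumptions made here (OpenSSL 3 defaults to AES-256-CBC with PBKDF2, which some PKCS#12 importers reject, and the App Service certificate requirements describe the triple-DES form).

```bash
#!/usr/bin/env bash
# Added example, not code from the original post. wait_for_txt, make_pfx,
# pfx_cert_count and cert_valid_for_days are names chosen here; the 8.8.8.8
# resolver and the 3DES/SHA-1 PKCS#12 algorithms are assumptions.
set -euo pipefail

# Name of the TXT record certbot asks for (one per name, www included).
acme_record_name() {
  printf '_acme-challenge.%s\n' "$1"
}

# Poll a public resolver until the expected token is visible, so that
# pressing Enter in certbot does not happen before the record has propagated.
# Usage: wait_for_txt DOMAIN EXPECTED_TOKEN [ATTEMPTS] [SLEEP_SECONDS]
wait_for_txt() {
  local domain=$1 expected=$2 attempts=${3:-30} pause=${4:-10}
  local name i
  name=$(acme_record_name "$domain")
  for ((i = 1; i <= attempts; i++)); do
    if dig +short TXT "$name" @8.8.8.8 | tr -d '"' | grep -qxF -- "$expected"; then
      echo "TXT $name is visible"
      return 0
    fi
    sleep "$pause"
  done
  echo "TXT $name not visible after $attempts attempts" >&2
  return 1
}

# Bundle privkey.pem + cert.pem + chain.pem from a certbot live directory into
# a password-protected PFX. The PBE and MAC algorithms are pinned to 3DES/SHA-1
# (assumption: the importer only understands the older PKCS#12 algorithms,
# which is what OpenSSL 1.1 produced by default and OpenSSL 3 no longer does).
make_pfx() {
  local live_dir=$1 out=$2 password=$3
  openssl pkcs12 -export \
    -inkey "$live_dir/privkey.pem" \
    -in "$live_dir/cert.pem" \
    -certfile "$live_dir/chain.pem" \
    -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -macalg sha1 \
    -passout "pass:$password" \
    -out "$out"
  chmod 600 "$out"   # the file holds the private key
}

# Check that the PFX opens with the given password and print how many
# certificates it carries (leaf plus chain); fails on a wrong password.
pfx_cert_count() {
  local pfx=$1 password=$2
  openssl pkcs12 -in "$pfx" -passin "pass:$password" -nokeys 2>/dev/null \
    | grep -c 'BEGIN CERTIFICATE'
}

# Succeeds if the certificate is still valid DAYS from now. A manual Let's
# Encrypt certificate lasts 90 days, so this is the renewal reminder.
cert_valid_for_days() {
  local cert=$1 days=$2
  openssl x509 -in "$cert" -noout -checkend $(( days * 86400 )) >/dev/null
}

# Typical run as root (paths and password are placeholders):
#   make_pfx /etc/letsencrypt/live/multiplayer.cloud /root/multiplayer.pfx 'choose-a-password'
#   pfx_cert_count /root/multiplayer.pfx 'choose-a-password'
#   cert_valid_for_days /etc/letsencrypt/live/multiplayer.cloud/cert.pem 30
```

Call wait_for_txt with the token certbot prints before you press Enter, then make_pfx as root after validation; pfx_cert_count should report at least two certificates (leaf and intermediate) or the App Service binding will be missing the chain. Delete the PFX from the Windows side after the upload, since it contains the private key.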