I recently deployed a few web apps to Azure for a small personal project.
Being security-conscious, and because I support social sign-ins (e.g. Google, Facebook, etc.), I wanted to only serve content over HTTPS. When I went and looked at the cost of certificates, I was dismayed.
Paying a few hundred dollars just to get two certificates for my little web apps just doesn't make sense.
Thankfully, this is where Let's Encrypt steps in.
Let's Encrypt is a free certificate authority run by the Internet Security Research Group and sponsored by many of the big players in the industry. It's intended to solve exactly this problem.
Apart from the price point (did I mention it's free!!!) it differs from other certificate authorities by being a fully automated service. Certificates are only issued via calls to an API and have a short 3-month lifetime.
A number of hosting service providers have added integrated support for Let's Encrypt but sadly Azure is not one of them.
For Azure users there are currently two different methods for integrating Let's Encrypt with your Azure Web Apps. Just keep in mind that both of these methods are open-source community efforts and unsupported. As with all unsupported, open-source initiatives, if you use and rely on these projects in any way, I'd strongly encourage you to contribute to them in some way to ensure their long-term future.
Option 1. The Let's Encrypt site extension
The Let's Encrypt site extension gives you a user interface for configuring your certificate needs, and performs all the hard work of calling the Let's Encrypt APIs, installing certificates in the correct locations, and refreshing those certificates every few months.
You install the site extension via the Azure Portal and follow a short-ish sequence of well-documented, straightforward steps to configure it. You'll need to do this once per web app and you'll need to have a storage account as well.
The extension works wonderfully well, and the installation guide walks you through everything you need to get it up and running, including screenshots.
If you only have one web app to secure, this could easily be your approach of choice.
Option 2. The Let's Encrypt Web App Renewer
The Let's Encrypt Web App Renewer leverages all the great work of the site extension and packages it into a console application (for use in your DevOps pipelines) and a standalone web job. It's also been mentioned by Microsoft as the approach to use for Let's Encrypt with Azure.
The differences between the renewer and the site extension are described in the Let's Encrypt Web App Renewer ReadMe, with the major differences being that you can use the renewer across multiple sites and that you don't need a storage account to use it.
Configuration instructions are on the project site and are very easy to follow.
Given I have multiple sites that I wanted certificates for, I decided to use the renewer and found it very simple to set up and use.
What does this mean for you?
It means the traditional cost and hassle of using certificates is no longer a blocker. Add HTTPS support to your Azure web apps using free Let's Encrypt certificates and one of the options for automatically creating and renewing certificates.
Say goodbye to those browser warnings about your site being insecure and help make the web just that little bit safer for everyone.