question

MartinMeixger-1476 avatar image
9 Votes"
MartinMeixger-1476 asked azure-cxp-api edited

Azure App Service free Managed Certificate for SSL/TLS

So free "Managed Certificate" is now available in Preview and it doesn't support naked/apex domains.
azure.microsoft.com/announcement

Now it's a SEO best practice to stick to either 'www' or no 'www' and do a 301 redirect.

How are we supposed to do a https://contoso.com to https://www.contoso.com redirect?

Seems we have to stick with Let's Encrypt for now.

azure-webapps
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Paul-Shell avatar image
2 Votes"
Paul-Shell answered Paul-Shell commented

For apex or wildcard you'd need to bring your own cert. LetsEncrypt is awesome.

To redirect from apex to www, you can bind the apex to the ip of a Function. Then inside the function do a redirect. Of course then the redirect Function App would need a cert.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

So setup a Let's Encrypt certificate and renewal process to bind the apex IP to a function to redirect to a www site to use the "free" Microsoft cert...

I think I'll just use the Let's Encrypt cert on both www and apex.

4 Votes 4 ·
MartinMeixger-1476 avatar image
2 Votes"
MartinMeixger-1476 answered

For my understanding, supporting apex certificates is a quite basic feature that should be supported out-of-the box!

So basically, for now, Microsoft Managed Certificates are not very useful.

For reference, i'm using successfully https://github.com/shibayan/appservice-acmebot:

This function provide easy automation of Let's Encrypt for Azure App Service. This project started to solve some problems.

✔ Support multiple app services

✔ Simple deployment and configuration

✔ Robustness of implementation

✔ Easy monitoring (Application Insights, Webhook)

They can manage multiple App Service certificates with single Function App.










5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ryanchill avatar image
1 Vote"
ryanchill answered

Hi @meixger, the product group is exploring supporting such a feature, but nothing definite at this point in time. I would advise submitting feedback.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ohads avatar image
1 Vote"
ohads answered

Shameless plug, since it looks like Let's Encrypt is still needed, here's my solution (based on letsencrypt-siteextension): https://github.com/ohadschn/letsencrypt-webapp-renewer

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SnehaAgrawal-MSFT avatar image
1 Vote"
SnehaAgrawal-MSFT answered

@MartinMeixger-1476 While we’re working on supporting apex domain, a current tentative workaround we suggest is to forward apex domains to subdomain such as www. If you are using App Service Domain, you can forward your domain by going to Advanced Management portal of the domain resource.

Attached screenshots show the steps.

alt text


alt text
alt text



demo1.png (19.5 KiB)
demo2.png (24.2 KiB)
demo3.png (18.9 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.