There are lots of Let's Encrypt automated tools for Azure; however, I also wanted to see if I could use certbot in WSL to produce a wildcard certificate for the Azure Friday site and then upload the resulting certificates to Azure App Service.
Azure App Service ultimately needs a specific format called .PFX that contains the full certificate path and all intermediates.
Per the docs, App Service private certificates must meet the following requirements:
- Exported as a password-protected PFX file, encrypted using triple DES.
- Contains private key at least 2048 bits long
- Contains all intermediate certificates and the root certificate in the certificate chain.
If you have a PFX that doesn't meet all these requirements you can have Windows reencrypt the file.
I use WSL and certbot to create the cert, then I import/export in Windows and upload the resulting PFX.
Within WSL, install certbot:
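sudo apt update
sudo apt install python3 python3-venv libaugeas0
sudo python3 -m venv /opt/certbot/
sudo /opt/certbot/bin/pip install --upgrade pip
# install certbot into the venv and link it onto the PATH so "sudo certbot" resolves
sudo /opt/certbot/bin/pip install certbot
sudo ln -s /opt/certbot/bin/certbot /usr/bin/certbot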
Then I generate the cert. You'll get a nice text UI from certbot and update your DNS as a verification challenge. Change this to make sure it's two lines, and that your domains, subdomains and paths are correct.
sudo certbot certonly --manual --preferred-challenges=dns --email YOUR_EMAIL_ADDRESS \
  --server https://acme-v02.api.letsencrypt.org/directory \
  --agree-tos --manual-public-ip-logging-ok -d "azurefriday.com" -d "*.azurefriday.com"
sudo openssl pkcs12 -export -out AzureFriday2023.pfx \
  -inkey /etc/letsencrypt/live/azurefriday.com/privkey.pem \
  -in /etc/letsencrypt/live/azurefriday.com/fullchain.pem
I then copy the resulting file to my desktop (check your desktop path) so it's now in the Windows world.
sudo cp AzureFriday2023.pfx /mnt/c/Users/Scott/OneDrive/Desktop
Now from Windows, import the PFX, note the thumbprint and export that cert.
Import-PfxCertificate -FilePath "AzureFriday2023.pfx" -CertStoreLocation Cert:\LocalMachine\My `
  -Password (ConvertTo-SecureString -String 'PASSWORDHERE' -AsPlainText -Force) -Exportable
Export-PfxCertificate -Cert Microsoft.PowerShell.Security\Certificate::LocalMachine\My\597THISISTHETHUMBNAILCF1157B8CEBB7CA1 `
  -FilePath 'AzureFriday2023-fixed.pfx' -Password (ConvertTo-SecureString -String 'PASSWORDHERE' -AsPlainText -Force)
Then upload the cert to the Certificates section of your App Service, under Bring Your Own Cert.
Then under Custom Domains, click Update Binding and select the new cert (with the latest expiration date).
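The PFX requirements listed earlier can be checked from WSL before the upload step. The following is an added example, not code from the original post: the function name `check_pfx` and the `PFX_PASS` environment variable are assumptions, and it uses only `openssl pkcs12` and `openssl pkey`.

```shell
#!/usr/bin/env bash
# Added example: check a PFX for triple DES protection and key size.
# The password is read from the PFX_PASS environment variable (assumed name)
# so it does not appear in the process list or on the command line.

TDES='pbeWithSHA1And3-KeyTripleDES-CBC'   # name openssl prints for PKCS#12 3DES

check_pfx() {
    pfx=$1
    # Structure only (-noout): which algorithms protect the cert and key bags.
    info=$(openssl pkcs12 -info -noout -in "$pfx" -passin env:PFX_PASS 2>&1) || {
        echo "cannot read $pfx (wrong password or unsupported algorithm)"
        return 2
    }
    cert_alg=$(printf '%s\n' "$info" |
               sed -n 's/^PKCS7 Encrypted data: \([^,]*\),.*/\1/p' | head -n 1)
    key_alg=$(printf '%s\n' "$info" |
              sed -n 's/^Shrouded Keybag: \([^,]*\),.*/\1/p' | head -n 1)
    # Key size: the decrypted key is piped straight into openssl pkey, never to disk.
    bits=$(openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes 2>/dev/null |
           openssl pkey -noout -text 2>/dev/null |
           sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p' | head -n 1)
    # Number of certificates in the bundle (leaf plus chain), reported only.
    certs=$(openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nokeys 2>/dev/null |
            grep -c 'BEGIN CERTIFICATE')
    echo "cert bag: ${cert_alg:-?}  key bag: ${key_alg:-?}  key bits: ${bits:-?}  certs: $certs"
    rc=0
    if [ "$cert_alg" != "$TDES" ] || [ "$key_alg" != "$TDES" ]; then
        echo "FAIL: not protected with triple DES"; rc=1
    fi
    if [ "${bits:-0}" -lt 2048 ]; then
        echo "FAIL: private key shorter than 2048 bits"; rc=1
    fi
    return $rc
}
```

OpenSSL 3.x encrypts PKCS#12 exports with AES-256 by default, which this check reports as not triple DES; the Windows import/export above is the step that re-encrypts such a file.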
Next step is to make this a lot more automated or choose a more automatic service, but for now I'll worry about this in September, and it fixed my costly wildcard domain concern.
About Scott
Scott Hanselman is a previous teacher, previous Chief Designer in financing, now speaker, specialist, daddy, diabetic, and Microsoft staff member. He is an unsuccessful comic, a cornrower, and a book author.