Azure App Service free Managed Certificate for SSL/TLS

Martin Meixger 56 Reputation points
2019-11-04T21:13:15.173+00:00

So free "Managed Certificate" is now available in Preview and it doesn't support naked/apex domains.
azure.microsoft.com/announcement

Now it's a SEO best practice to stick to either 'www' or no 'www' and do a 301 redirect.

How are we supposed to do a https://contoso.com to https://www.contoso.com redirect?

Seems we have to stick with Let's Encrypt for now.

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
6,690 questions
0 comments No comments
{count} votes

5 answers

Sort by: Most helpful
  1. Paul Shell 11 Reputation points
    2019-11-04T23:35:53.593+00:00

    For apex or wildcard you'd need to bring your own cert. LetsEncrypt is awesome.

    To redirect from apex to www, you can bind the apex to the ip of a Function. Then inside the function do a redirect. Of course then the redirect Function App would need a cert.

    2 people found this answer helpful.

  2. Martin Meixger 56 Reputation points
    2019-11-05T12:29:58.803+00:00

    For my understanding, supporting apex certificates is a quite basic feature that should be supported out-of-the box!

    So basically, for now, Microsoft Managed Certificates are not very useful.

    For reference, i'm using successfully https://github.com/shibayan/appservice-acmebot:

    This function provide easy automation of Let's Encrypt for Azure App Service. This project started to solve some problems.

    ✔ Support multiple app services

    ✔ Simple deployment and configuration

    ✔ Robustness of implementation

    ✔ Easy monitoring (Application Insights, Webhook)

    They can manage multiple App Service certificates with single Function App.

    2 people found this answer helpful.
    0 comments No comments

  3. Ryan Hill 25,216 Reputation points Microsoft Employee
    2019-11-05T19:16:27.737+00:00

    Hi @Martin Meixger , the product group is exploring supporting such a feature, but nothing definite at this point in time. I would advise submitting feedback.

    1 person found this answer helpful.
    0 comments No comments

  4. ohads 16 Reputation points
    2019-11-05T21:46:14.537+00:00

    Shameless plug, since it looks like Let's Encrypt is still needed, here's my solution (based on letsencrypt-siteextension): https://github.com/ohadschn/letsencrypt-webapp-renewer

    1 person found this answer helpful.
    0 comments No comments

  5. SnehaAgrawal-MSFT 17,771 Reputation points
    2019-11-07T06:08:18.777+00:00

    @MartinMeixger-1476 While we’re working on supporting apex domain, a current tentative workaround we suggest is to forward apex domains to subdomain such as www. If you are using App Service Domain, you can forward your domain by going to Advanced Management portal of the domain resource.

    Attached screenshots show the steps.

    alt text

    alt text
    alt text

    1 person found this answer helpful.
    0 comments No comments