How to use certbot to create and add ssl certificate to a fastapi backend running on Linux VM

Siddhant Shah 0 Reputation points

I am creating a backend server - for the first time as a student developer, that serves my website hosted using app service - and since I use nextjs, it asks me to use a https server - i tried using a self signed certificate (but that is not enough), and now I am trying to use a subdomain of my website to create a certificate using certbot but I keep getting firewall issues or permission issues that I can't get past. can anyone please help me out by pointing me in the right direction by linking a video or a guide that is accurate? I read some Azure Vault solutions but (a) Don't think all docs are updated - Azure AD was recently changed to Entra ID and (b) Can't pay more money for certification! Especially if there's a way to use an Open Source solution.

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
6,033 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. brtrach-MSFT 11,936 Reputation points Microsoft Employee

    @Siddhant Shah Azure App Service is a PaaS cloud service offering, which typically has more restrictions in place. As a result, I do not believe that certbot will work on an Azure Web App.

    If you are looking for a free certificate to secure your subdomain, then Azure does offer that. It does have these limitations:

    • Doesn't support wildcard certificates.
    • Doesn't support usage as a client certificate by using certificate thumbprint, which is planned for deprecation and removal.
    • Doesn't support private DNS.
    • Isn't exportable.
    • Isn't supported in an App Service Environment (ASE).
    • Only supports alphanumeric characters, dashes (-), and periods (.).

    And these requirements for subdomains:

    • Must have CNAME mapped directly to <app-name> or Mapping to an intermediate CNAME value blocks certificate issuance and renewal.
    • Must meet all the above for successful certificate issuance and renewals.

    Here is the source documentation and where to learn more about this.

    0 comments No comments