for a nodejs site in azure


“If your website doesn’t collect sensitive data, like credit cards or social security numbers, you may not have needed an SSL certificate in the past. However, with the new browser notices, it’s now important to ensure every website has an SSL certificate and is loaded via HTTPS. Also moving towards more progressive web applications, HTTPS is a requirement”. So before the summer I decided to set up SSL for my blog.

Historically certificates have always been a pain in the @$$ to maintain. Remembering expiry dates and updating all your server(s). A trusted SSL certificates is/was also expensive and perhaps not something you would generally do for a simple little blog. But now you can secure your site for free!!. Presenting Let’s Encrypt, a free, automated, and open Certificate Authority. Moving to Progressive Web Apps HTTPS is a requirement

In this post I am securing which is a nodejs app running in azure with a simple azure table storage

What you need:

  • Azure storage connection string – You’ll need this in order for the extension to store state.
  • Resource name – the name resource we are securing
  • Application/Client Id – we need to create an application and grant it access to the resource
  • Tenant Id – usually something like
  • Subscription Id – as it says
  • Client Secret -the Id of the key to the app we will create

below is a guide how to obtain the above pieces of information.

Step 1

Log in to your azure account in the portal and head over to the Active Directory section

azure active directory

Create a new application

fill in the form( Single Sign On can be any valid url as far as I know)

create new app
app settings

Copy the Application ID (sometimes called Client ID) and save it for later. don’t lose it!!!!!!

Step 2

Now click Settings and select Keys

app settings keys
azure keys

create a new key called e.g “login” with a password of your choice and click Save. COPY THAT VALUE!!!!. It won’t be displayed again.. EVER!. This is your client secret. Important!!!

Step 3

Now go to the resource group you want to secure and select your App Service

azure resources

click on the access control link and add a new access to the lets encrypt app we created in step 1 (you should be able to find it by starting typing the name of the app)

azure access control

Step 4

Finding your Tenant and subscription Id.

Head back to your App Service overview blade.

finding your tenant and subscription ids

for the tenant id click on your subscription the tenant id is usually something like
and the subscription id is a GUID

Step 5

Go back to your App Service and find the extensions link click add and search for the Lets encrypt extension

azure extensions
lets encrypt extension

don’t select the one without web jobs as the 3 month renewal will be a manual process (I believe)

fill in the form with the detail you save from previous steps (you should have all the information saved in your favourite text editor)

Set up Lets Encrypt

The Client Id is your Application ID (from step 1)

Click next until you get to where you get to select what URLs should be encrypted. selected both your and the naked URL (by holding down control)

hopefully after this you will get a success message

azure active directory

Step 6

Then head back over to the App Service and go to the SSL section

azure active directory

Select SSL only

azure active directory

Now cross your fingers (and toes if you wan’t to be on the safe side) and try it out (well your own domain in your case)



Step 7

after your 3 months are up make sure your certificate has updated

Go to your storage account

azure active directory
azure active directory

check that this has been updated

azure active directory

you will also know pretty soon as you will get a certificate expired warning when you visit your site


Pin It on Pinterest

Share This

Share This

Share this post with your friends!