For a Node.js site in Azure
“If your website doesn’t collect sensitive data, like credit cards or social security numbers, you may not have needed an SSL certificate in the past. However, with the new browser notices, it’s now important to ensure every website has an SSL certificate and is loaded via HTTPS. Also moving towards more progressive web applications, HTTPS is a requirement”. So before the summer I decided to set up SSL for my blog.
Historically, certificates have always been a pain in the @$$ to maintain: remembering expiry dates and updating all your server(s). A trusted SSL certificate is/was also expensive and perhaps not something you would generally do for a simple little blog. But now you can secure your site for free!! Presenting Let’s Encrypt, a free, automated, and open Certificate Authority. And if you are moving to Progressive Web Apps, HTTPS is a requirement.
What you need:
- Azure storage connection string – You’ll need this in order for the extension to store state.
- Resource name – the name of the resource we are securing
- Application/Client Id – we need to create an application and grant it access to the resource
- Tenant Id – usually something like yourname.onmicrosoft.com
- Subscription Id – as it says
- Client Secret – the value of the key for the app we will create
Below is a guide on how to obtain the above pieces of information.
Log in to your Azure account in the portal and head over to the Active Directory section.
Create a new application.
Fill in the form (Single Sign On can be any valid URL as far as I know).
Copy the Application ID (sometimes called Client ID) and save it for later. Don’t lose it!!!!!!
Now click Settings and select Keys.
Create a new key called e.g. “login” with a password of your choice and click Save. COPY THAT VALUE!!!! It won’t be displayed again... EVER! This is your client secret. Important!!!
Now go to the resource group you want to secure and select your App Service.
Click on the access control link and add a new access for the Let’s Encrypt app we created in step 1 (you should be able to find it by starting to type the name of the app).
Finding your Tenant and Subscription Id.
Head back to your App Service overview blade.
For the tenant id, click on your subscription. The tenant id is usually something like yourname.onmicrosoft.com
and the subscription id is a GUID.
Go back to your App Service and find the extensions link. Click add and search for the Let’s Encrypt extension.
Don’t select the one without web jobs, as the 3 month renewal will be a manual process (I believe).
Fill in the form with the details you saved from the previous steps (you should have all the information saved in your favourite text editor).
The Client Id is your Application ID (from step 1).
Click next until you get to select which URLs should be encrypted. Select both your www.yourdomain.com and the naked URL yourdomain.com (by holding down control).
Hopefully after this you will get a success message.
Then head back over to the App Service and go to the SSL section
Select SSL only
Now cross your fingers (and toes if you want to be on the safe side) and try it out: https://senordeveloper.net (well, your own domain in your case).
After your 3 months are up, make sure your certificate has updated.
Go to your storage account
Check that this has been updated.
You will also know pretty soon, as you will get a certificate expired warning when you visit your site.