Azure Web App with Let's Encrypt Certificate
- Install the Azure Resource Manager modules from the PowerShell Gallery:
Install-Module AzureRM -AllowClobber
- Install the ACMESharp Module:
Install-Module ACMESharp -AllowClobber
All the code needed to set up a Web App, generate the certificate, and bind the certificate is contained in the CreateLetsEncryptWebApp.ps1 script. The script does the following:
- Creates a Web App with an App Service plan, if it doesn't exist already.
- Pauses to allow the user to set a CNAME that points to the Web App. It is important to complete this step before continuing, or the Web App will not allow the custom DNS name.
- Creates an ACME Vault and registration (if it doesn't exist).
- Generates a new ACME identifier for the DNS name.
- Starts an HTTP challenge.
- Uploads the appropriate challenge response to the Web App.
- Submits the challenge.
- Waits for challenge validation.
- Generates certificate.
- Binds certificate to the Web App.
If the Web App already exists, it will simply generate a new cert and bind it, effectively renewing the certificate.
To call the script:
.\CreateLetsEncryptWebApp.ps1 -ResourceGroupName "RESOURCE-GROUP-NAME" `
    -WebAppName "WEB-APP-NAME" -Fqdn "DOMAIN NAME" -Location "LOCATION (e.g. eastus)" `
    -ContactEmail "EMAIL ADDRESS FOR REGISTRATION"
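Because renewal means re-running the script, it helps to check which certificate the Web App actually serves for the custom DNS name and how long it remains valid. The following is an added example, not part of CreateLetsEncryptWebApp.ps1; the function name `Test-WebAppCertificate`, the 30-day threshold and the placeholder host name are assumptions.

```powershell
# Added example (not part of CreateLetsEncryptWebApp.ps1). The function and
# parameter names are hypothetical; only .NET types are used, no Azure or ACME cmdlets.
function Test-WebAppCertificate {
    param(
        [Parameter(Mandatory = $true)] [string] $Fqdn,
        [int] $RenewWithinDays = 30,   # assumed threshold, adjust to your policy
        [int] $Port = 443
    )
    $result = [ordered]@{
        Fqdn = $Fqdn; Trusted = $false; Issuer = $null
        NotAfter = $null; DaysLeft = $null; RenewNow = $true; Error = $null
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Fqdn, $Port)
        $stream = $client.GetStream()
        # Default validation applies: the chain must build to a trusted root and
        # the certificate must be valid for $Fqdn, which is also sent as SNI.
        $ssl = New-Object System.Net.Security.SslStream($stream, $false)
        try {
            $ssl.AuthenticateAsClient($Fqdn)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            $result.Trusted  = $true
            $result.Issuer   = $cert.Issuer
            $result.NotAfter = $cert.NotAfter
            $result.DaysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
            $result.RenewNow = $result.DaysLeft -le $RenewWithinDays
        } finally { $ssl.Dispose() }
    } catch {
        # Connection failure, expired certificate, name mismatch or untrusted
        # chain all land here; RenewNow stays $true so the problem is not missed.
        $result.Error = $_.Exception.GetBaseException().Message
    } finally { $client.Close() }
    [pscustomobject]$result
}

# "www.example.com" is a placeholder for the -Fqdn value passed to the script.
Test-WebAppCertificate -Fqdn "www.example.com" | Format-List
```

A result with `Trusted` false right after a run usually means the binding or the CNAME did not take effect; `RenewNow` true with `Trusted` true means the certificate is inside the renewal window.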