Set up Auto-Renewing Let’s Encrypt Certificates on App Service Linux

This post shows how to assign auto-renewing Let’s Encrypt certificates to an Azure App Service Linux instance using shibayan’s appservice-acmebot. The deployment creates a Function App that automatically updates the App Service as needed.

Before getting started, you’ll need to have a few things:

  • An Azure App Service (Linux-based).
  • DNS records being served using Azure DNS.

Procedure

First, deploy the solution to your Azure subscription. Use the following for configuration:

  • Resource group – certbot-rg
  • App Name Prefix – certbot-fa
  • Mail Address – your email address.

Next, set up the ability for the Certbot function app to access your Linux App Service:

  • Set ‘App Service Authentication’ to On.
  • Set ‘Log in with Azure Active Directory’
  • Set up the ‘Azure Active Directory’ Auth Provider
    • Set Management mode to ‘Express’
    • Create a new AD app
  • Save changes.

Now, assign the Website Contributor and Web Plan Contributor roles to the Certbot function app.

Finally, restart the function app and open the Function App URL (https://your-function-app.azurewebsites.net/add-certificate). You should see the UI listing the available resource groups and app names. Access can take 30-60 minutes to reflect in Azure, so if you’re seeing a 401, wait a while for things to resolve.

Once the certificate is added, you’re all set! Renewals will automatically occur, as the app will scan regularly to check when to renew the certs.
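A check for the role-assignment step, as an added example that is not from the original post or the appservice-acmebot project: it audits the function app identity's role assignments so that only the two roles named above are present and neither is granted at subscription scope. It assumes the input is the JSON printed by `az role assignment list --all --assignee <principal-id> -o json` and that the roles are meant to be scoped to the resource group holding the App Service; `audit`, `scope_level`, the subscription ID and the `webapp-rg` name are hypothetical or constructed.

```python
import json

# The two built-in roles this page assigns to the function app.
EXPECTED_ROLES = {"Website Contributor", "Web Plan Contributor"}

# Constructed sample shaped like `az role assignment list ... -o json` output;
# the subscription ID and resource group name are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE = json.dumps([
    {"roleDefinitionName": "Website Contributor", "scope": SUB + "/resourceGroups/webapp-rg"},
    {"roleDefinitionName": "Web Plan Contributor", "scope": SUB},
    {"roleDefinitionName": "Contributor", "scope": SUB + "/resourceGroups/webapp-rg"},
])


def scope_level(scope):
    """Classify an ARM scope string by how much it covers."""
    parts = [p.lower() for p in scope.strip("/").split("/")]
    if len(parts) < 2 or parts[0] != "subscriptions":
        return "above-subscription"  # management group or root scope
    if len(parts) >= 4 and parts[2] == "resourcegroups":
        return "resource-group" if len(parts) == 4 else "resource"
    return "subscription"


def audit(assignments_json, allowed_rgs):
    """Return findings in input order; an empty list means scoping is as expected."""
    allowed = {rg.lower() for rg in allowed_rgs}
    findings, seen = [], set()
    for a in json.loads(assignments_json):
        role, scope = a["roleDefinitionName"], a["scope"]
        level = scope_level(scope)
        if role not in EXPECTED_ROLES:
            findings.append(f"unexpected role: {role} at {scope}")
        elif level in ("subscription", "above-subscription"):
            findings.append(f"too broad: {role} at {level} scope")
        elif scope.strip("/").split("/")[3].lower() not in allowed:
            findings.append(f"unexpected resource group: {role} at {scope}")
        else:
            seen.add(role)  # expected role, inside an allowed resource group
    for r in sorted(EXPECTED_ROLES - seen):
        findings.append(f"no resource-group-scoped assignment for: {r}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, {"webapp-rg"}):
        print(finding)
```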
