Set up Auto-Renewing Let’s Encrypt Certificates on App Service Linux
Set up the ability to assign auto-renewing Let’s Encrypt certs to an Azure App Service Linux instance with shibayan’s appservice-acmebot. This will create a Function App that automatically updates the App Service as needed.
Before getting started, you’ll need to have a few things:
- An Azure App Service (Linux-based).
- DNS records being served using Azure DNS.
Procedure
First, deploy the solution to your Azure subscription. Use the following for configuration:
- Resource group – certbot-rg
- App Name Prefix – certbot-fa
- Mail Address – your email address.
Next, set up the ability for the Certbot function app to access your Linux App Service:
- Set ‘App Service Authentication’ to On.
- Set ‘Log in with Azure Active Directory’
- Set up the ‘Azure Active Directory’ Auth Provider
- Set Management mode to ‘Express’
- Create a new AD app
- Save changes.
Now, assign the Website Contributor and Web Plan Contributor roles to the Certbot function app.
Finally, restart the function app and access the Function App URL (https://_your-function-app_.azurewebsites.net/add-certificate). You should see the UI listing the available resource groups and app names (access can take 30-60 minutes to take effect in Azure, so if you’re seeing a 401, wait a while for it to resolve).
Once the certificate is added, you’re all set! Renewals will automatically occur, as the app will scan regularly to check when to renew the certs.
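The role assignment step above can also be done from the Azure CLI. The script below is an added example, not part of the original post or of appservice-acmebot. It assumes the function app has a system-assigned managed identity and that both roles are granted at the scope of the resource group holding the App Service rather than the whole subscription; the function names, the DRY_RUN variable and the argument order are made up for illustration.

```shell
#!/bin/sh
# Added example: grant the Certbot function app's identity the two roles
# named in the post, scoped to a single resource group.
# Assumptions: system-assigned managed identity; resource-group scope.
# DRY_RUN=1 (default) prints the write commands; DRY_RUN=0 applies them.

# Build the ARM scope string for one resource group.
# $1 = subscription id, $2 = resource group name
rg_scope() {
  printf '/subscriptions/%s/resourceGroups/%s' "$1" "$2"
}

# Execute a command, or only print it in dry-run mode.
run() {
  if [ "${DRY_RUN:-1}" = "1" ]; then
    printf '+ %s\n' "$*"
  else
    "$@"
  fi
}

# Assign both roles to a principal at a scope.
# $1 = principal (object) id, $2 = scope
assign_roles() {
  for role in "Website Contributor" "Web Plan Contributor"; do
    run az role assignment create \
      --assignee-object-id "$1" \
      --assignee-principal-type ServicePrincipal \
      --role "$role" --scope "$2"
  done
}

# $1 = function app name, $2 = its resource group (certbot-rg in the post),
# $3 = resource group that contains the Linux App Service
main() {
  sub_id=$(az account show --query id -o tsv)
  principal_id=$(az functionapp identity show --name "$1" \
    --resource-group "$2" --query principalId -o tsv)
  if [ -z "$principal_id" ]; then
    echo "no managed identity found on $1" >&2
    return 1
  fi
  assign_roles "$principal_id" "$(rg_scope "$sub_id" "$3")"
}

# Run only when all three arguments are supplied.
if [ "$#" -eq 3 ]; then main "$@"; fi
```

Run it once with the default DRY_RUN=1 to review the two commands, then again with DRY_RUN=0 to apply them.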