Set up the ability to assign auto-renewing Let’s Encrypt certs to an Azure App Service Linux instance with shibayan’s appservice-acmebot. This will create a Function App that automatically updates the App Service as needed.
Before getting started, you’ll need to have a few things:
- An Azure App Service (Linux-based).
- DNS records being served using Azure DNS.
First, deploy the solution to your Azure subscription. Use the following for configation:
- Resource group – certbot-rg
- App Name Prefix – certbot-fa
- Mail Address – your email address.
Next, set up the ability for the Certbot function app to access your Linux App Service
- Select ‘App Service Authentication’ to on.
- Set ‘Log in with Azure Active Directory’
- Set up the ‘Azure Active Directory’ Auth Provider
- Set Management mode to ‘Express’
- Create a new AD app
- Save changes.
Now, assign the Website Contributor and Web Plan Contributor roles to the Certbot function app:
Finally, restart the function app and access the Function App URL (https://_your-function-app_.azurewebsites.net/add-certificate). You should be able to see the UI showing the available RGs and App Names available (access can take 30-60 minutes to reflect in Azure, so if you’re seeing a 401, wait a while for things to resolve):
Once the certificate is added, you’re all set! Renewals will automatically occur, as the app will scan regularly to check when to renew the certs.