If you’re not switching all of your websites to utilize SSL encryption by default, you’re going to miss out on search results for many years to come! (see here for more info)
In the past, the notion of switching all your sites to use SSL would be daunting and a costly affair, especially if you have too many different websites to count (what, not everyone has this problem?).
I’ve been recently setting up a few websites on Azure for test purposes, and decided to look into how I could setup SSL for those sites. I came across a blog post from Rick Strahl regarding using Let’s Encrypt, for free SSL configurations. Basically with Let’s Encrypt, you can get a free SSL certificate, the main catch though is that they need to be renewed very frequently, they expire in 90 days.
From there I came across a Site Extension for Azure that can be setup to automatically configure, assign, and even renew these certificates. This takes quite a bit of work to get setup, but once setup, requesting certificates is super simple. As you add more “custom domains” to your Azure instance you can setup a new certificate for each. One problem I ran into however is that once I had setup two certificates, the extension started throwing an error when trying to add new certificates for domains. The error was:"
Cannot update IP SSL Bindings because total number of allowed IP addresses per site will be exceeded. CloudException: Cannot update IP SSL Bindings because total number of allowed IP addresses per site will be exceeded.
This I believe is possibly due to my limitations on the Basic App Service that I have setup, where you are limited to SSL IPs, but you can have unlimited SNI SSL certs. Completing the binding process for the SSL certificate is easy, simply go to your Azure Portal, navigate to the App Service and then the SSL Certificates section. Click the Add SSL Binding button, choose your domain and select the appropriate certificate!
Boom, SSL setup and ready to go!
Update: Looks like I had a setting configured incorrectly in the Site Extension, I simply removed the web app setting
letsencrypt:UseIPBasedSSL see this thread: https://github.com/sjkp/letsencrypt-siteextension/issues/118#issuecomment-291241410