Create A Domain In Azure And Get A Free SSL Certificate And Link With Web App

We will see how to create an App Service Domain in Azure and we will get a free SSL certificate from Let’s Encrypt Authority. We will also create a Web App in Azure and link with this domain. Later we will create a Blazor app from Visual Studio 2017 and will publish to Azure Web App. We will see our Blazor app run with custom domain and SSL certificate.

Introduction

In this post, we will see how to create an App Service Domain in Azure and we will get a free SSL certificate from "Let’s Encrypt" Authority. We will also create a Web App in Azure and link it with this domain. Later, we will create a Blazor app from Visual Studio 2017 and will publish to Azure Web App. We will see our Blazor app run with custom domain and SSL certificate.

To enable HTTPS on your website, you need a certificate from a Certificate Authority (CA). “Let’s Encrypt” is a non-profit Certificate Authority. In order to get a certificate for your website domain from "Let’s Encrypt", you must have control over the domain. With "Let’s Encrypt", you do this using software that uses the ACME protocol, which typically runs on your web host.
 
We will use "SSL For a Free site" to create an SSL certificate. We can see all the steps, one by one.

Create App Service Domain in Azure

Log into Azure.

Create a resource -> Search for “App Service Domain” and choose the blade.
 
 
 
We can choose “App Service Domain” from the below list by double-clicking it.
 
 
 
We can search for a domain.
 
 

It will list all the available domains. We must choose at least one domain to proceed further.

Give valid contact details and click the “OK” button.

 
 
We can enable or disable privacy protection. Please note that in Azure, domain privacy protection is free.
 
 
We must accept the legal terms. Please note that currently, GoDaddy is the domain registrar for Azure app service domains.
 
 

After accepting the legal terms, we can click the “Create” button to create the domain. It will take some moments to create a new domain.

If you look at all resource details, you can notice that there are two resources created now. One DNS zone is also created with Domain. We will use this DNS zone to add some TXT records (for adding SSL certificate).
 
 
If you open the DNS zone, you can see below details. Currently, there are one NS record and SOA record available. We will add more records later.
 
 

Free SSL Certificate Creation

We have successfully created the domain. We can now create an SSL certificate for this domain.

We are going to create the certificate from Let’s Encrypt Authority. As I mentioned earlier this is a non-profit organization supported by many famous companies.

We will use sslforfree.com site to create our certificate.

Please enter your website name and click “Create Free SSL Certificate” button

 
You can choose any of below three options to verify your domain name. We have access to DNS zone in Azure, hence I choose the third option.
 
You can click “Manually Verify Domain” button to proceed.
 
 
 
We have received two TXT records now. We must add these records to Azure DNS zone to verify our domain. You can copy these values and save in Azure DNS zone.
 
 
 
You can go to DNS zone in Azure portal and click add “Record set” button to add these records.
 
 
Please select Type as “TXT” and "TTL" unit as “Seconds”.
 
 
 
We can add a second record too.
 
 
 

We have successfully added two record sets to DNS zone. We can verify the domain now.

Go to the sslforfree.com site and click below links one by one.

 
 
 
You will get a message as shown below after successful validation.
 
 

You can repeat the same step for the second record also.

Now we can download the certificate by clicking the “Download SSL Certificate” button. You will get a certificate as three parts.

  1. Certificate
  2. Private Key
  3. CA Bundle
 
We can download the certificate files by clicking the button. You will get a Zip file and you can extract this Zip file. This file contains 3 files as mentioned above.
 

Please note that this is CRT files. Azure requires PFX files to create private SSL certificate.

We can use SSL Converter tool to make a PFX file. You can upload a certificate, private key, and bundle file and click “CONVERT” button to create a PFX file.

Please remember the password given in this conversion. We will use this password to upload this certificate to Azure.
 
 

After a successful conversion, one PFX file will be generated and we can download this file. Please note that this is again a Zip file and we can extract PFX file from this Zip file. We will upload this certificate file to Azure later.

Create a Web App in Azure.  We have successfully created SSL certificate for our Domain. Now, we can create a Web App and link with this domain.

We need to give a valid name to Web App and choose resource group.

 
 
We can also create an App Service plan for our Web App by clicking the App Service plan blade.
 
 

Please choose Pricing tier as “S1 Standard”. If you choose a basic plan, you can’t link with custom domains.

After choosing the Service plan, you can click the “Create” button to proceed further. Our App will be ready in some moments. You can open App Service and choose “Custom domains” to add the custom domain name in this Web App.

 
 
You can click "Add hostname” button to add hostnames.
 
You can add the hostname and click “Validate” button to proceed further.
 
 
 
You can choose the record type (I choose as “A record”) and add hostname.
 
 
We can add the second hostname (with “www”) also. This time, we choose “CNAME” as the record type.
 
 
 
We have successfully added both the hostnames to our Web App.
 
 

Before adding binding to our hostnames, we must upload SSL certificate (we previously obtained from CA) to Azure.

Choose “SSL Settings” blade.
 
 
Enable “HTTPS Only”.
 
 
Choose “Private Certificate(.pfx)” tab and click “Upload Certificate” button to upload our certificate.
 
 
 
You can choose a certificate from the local system (which we have already downloaded) and give the password (This password should be the same as the password we were given at certificate creation time).
 
 
After clicking “Upload” button, a certificate will be uploaded to Azure account. You can see the entire certificate details by clicking it.
 
 
 
We can go to the “Bindings” tab and click “Add SSL Binding”.
 
 
You can choose the hostname from the dropdown list and add.
 
 
After choosing the hostname, you can select the certificate and SSL Type. (I choose it as “SNI SSL”).
 
 
 
 We can add binding to the second host also.
 
 

We have successfully added binding for both hosts.

We can check the Web App now. Our application is working fine. Please note this is the default page only. We have not yet published any web applications to this Web App.

 
 

Create Blazor app and deploy to Azure Web App

We can create a Blazor app from Visual Studio 2017 and deploy to this Web App.

I have already explained the basics of Blazor application creation in my previous C# Corner articles. In this post, I will not cover those details. We can directly go to publish option.
 
We can choose the “Select Existing” option and click the “Publish” button.
 
 
 
Choose the existing Web App and click “OK” button to publish.
 
 
After sometimes, our Blazor app will be deployed to Azure Web App. We can check it by browsing the Web App.
 
 
 
Conclusion 

In this post, we have created an App Service Domain in Azure and we have created an SSL certificate for this domain in SSL For Free site. We have obtained this certificate from Let's Encrypt Authority. Also, we added two TXT records to the DNS zone of a domain and verified with the certification authority. We have downloaded and converted certificate to PFX format. After that, we have created a Web App and added hostnames to this Web App. We have uploaded SSL certificate and bind with hostnames. Finally, we have created a sample Blazor application in visual studio 2017 and deployed to Azure Web App.