Let's Encrypt SSL On Azure AppSevice Container


If we want to set up free SSL on our Azure website (using a custom domain), it's fairly easy when using Azure WebApps.
It's all done in few easy steps.
Go to Extensions:
And then select 'Azure Let's Encrypt' extension from the list.
We need to run an automatic wizard, the certificate will be issued and automatically bound to your custom domain.
But what if we are using containers on Azure WebApps and extensions are not available?
Well, it still can be done, but it requires little manual work. 
First, you will need either a Linux box or you can use WSL2 on Windows 10.
The following commands need to be executed in the command line:
  1. apt-get update  
  2. apt-get install certbot  
Next, we execute the command to issue a certificate (Note that we need to replace 'customdomain.com' with the domain we want to issue the certificate for).
  1. certbot certonly -d customdomain.com --manual --preferred-challenges dns  
We will be given instructions on how to verify your domain. We need to go to our DNS register and add TXT record for _acme-challenge.customdomain.com and insert the value provided in the instructions. After that, we can proceed, and a congratulations message is provided. The certificate is now issued and stored at /etc/letsencrypt/live/customdomain.com/. However, the web app requires a private certificate, so we have few additional steps.
  1. mkdir /tmp/cert -p  
  2. cd /tmp/cert  
  3. SOURCE=/etc/letsencrypt/live/customdomain.com  
  4. cp $SOURCE/{cert.pem,privkey.pem,chain.pem} .  
  5. sudo chown user *.pem  
  6. openssl pkcs12 -export -out cert.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem  
The last command will initiate a prompt for a password for the certificate. Make sure you remember the password used, since we will use it to import the certificate to the web app.
We select 'Custom domains' in our web app, click on 'Add binding' and select to upload the certificate,
Finally, select upload a certificate path and enter the password for the certificate (used when the export command was executed).
And we are good to go! SSL is set and we can access our application over HTTPS.