Following up on my previous post on this subject (https://www.henrybeen.nl/add-a-ssl-certificate-to-your-azure-web-app-using-an-arm-template/), I am sharing a minimal, yet complete, working example of an ARM template that can be used to provision the following:
- An App Service Plan
- An App Service, with:
  - A custom domain name
  - The Let's Encrypt Site extension installed
  - All configuration of the Let's Encrypt Site extension prefilled
- An Authorization Rule for a Service Principal to install certificates
The ARM template can be found at: https://github.com/henrybeen/ARM-template-AppService-LetsEncrypt
To use this to create a Web App with a Let's Encrypt certificate and to renew it automatically, you have to do the following:
- Pre-create a new Service Principal in your Azure Active Directory and obtain the objectId, clientId and a clientSecret for that Service Principal
- Fill in the parameters.json file with a discriminator to make the names of your resources unique, the obtained objectId, clientId and clientSecret, a self-chosen GUID to use as the authorizationRule name and a customHostname
- Create a CNAME record pointing from that domain name to the following URL: {discriminator}-appservice.azurewebsites.net
- Roll out the template
- Open up the Let's Encrypt extension, find all settings prefilled and request a certificate!
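A pre-deployment check for the steps above, as an added example that is not part of the original post or its repository: it validates a parameters.json and derives the CNAME target the DNS record has to point at. The parameter key names (in particular `authorizationRuleName`) are assumptions taken from the wording of the list, and the sample values are constructed.

```python
import json
import re
import uuid

# Parameter names are assumptions based on the post's wording; check them
# against the parameters.json in the repository before use.
GUID_PARAMS = ("objectId", "clientId", "authorizationRuleName")
HOST_LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$", re.IGNORECASE)

def cname_target(discriminator):
    """CNAME target from the post: {discriminator}-appservice.azurewebsites.net"""
    return f"{discriminator}-appservice.azurewebsites.net"

def check_parameters(doc):
    """Return (problems, cname_target) for an ARM parameters document."""
    params = {k: v.get("value") for k, v in doc.get("parameters", {}).items()}
    problems = []
    for name in GUID_PARAMS:
        try:
            uuid.UUID(str(params.get(name)))
        except ValueError:
            problems.append(f"{name}: not a GUID")
    disc = str(params.get("discriminator") or "")
    # The discriminator becomes part of a DNS label, so it must be label-safe.
    if not HOST_LABEL.match(disc + "-appservice"):
        problems.append("discriminator: not usable in a host name")
    host = str(params.get("customHostname") or "")
    if "." not in host or not all(HOST_LABEL.match(p) for p in host.split(".")):
        problems.append("customHostname: not a fully qualified domain name")
    if not params.get("clientSecret"):
        problems.append("clientSecret: empty")
    return problems, cname_target(disc)

# Constructed sample input (not real identifiers or secrets).
SAMPLE = json.loads("""{
  "contentVersion": "1.0.0.0",
  "parameters": {
    "discriminator": {"value": "demo01"},
    "objectId": {"value": "11111111-1111-1111-1111-111111111111"},
    "clientId": {"value": "22222222-2222-2222-2222-222222222222"},
    "clientSecret": {"value": "constructed-placeholder"},
    "authorizationRuleName": {"value": "not-a-guid"},
    "customHostname": {"value": "www.example.com"}
  }
}""")

if __name__ == "__main__":
    issues, target = check_parameters(SAMPLE)
    print("CNAME target:", target, "| issues:", issues or "none")
```

Because the file holds the Service Principal's clientSecret in plain text, keep the filled-in copy out of source control.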