Yes, it is FREE and you heard it correct! If you are using Azure App Services Web Applications with custom domains, you can use App Services Managed Certificates for free.
Five years back I purchased a wildcard certificate from ssl.com and it’s up for renew but it comes with cost – more than $200/yr. I got notification that I have 30 days from yesterday before it expires. Clock started ticking and I have accepted the challenge – how can I be more productive and how can I get multi domain certificates for free? I know people are using Let’s Script certificate, and I thought why not using let’s script certificate? Well, that’s where challenge and innovation begins!
After few internet search, I came to this old blog post “Securing an Azure App Service Website under SSL in minutes with Let’s Encrypt” by Technology Evangelist Scott Hanselman. Let’s script certificate is free but it expires every 90 days. Therefore, it must be automated to make it work. There are two options caught in my mind – 1) Azure Let’s Script Extension by SJKP (do I wan to trust this guy SJKP?), 2) GetSSL – Azure Automation. Both the solutions are complex but I found GetSSL – Azure Automation is relatively easier for me. I am always suspicious on using extension but I thought why not looking at it since it was suggested by Scott! As I am reading the readme at github, I came across this disclaimer- “You should migrate off this extension and instead use the free SSL certificates offered by Microsoft https://learn.microsoft.com/en-us/azure/app-service/configure-ssl-certificate?tabs=apex#create-a-free-managed-certificate“. Thanks to SJKP, you saved me time and money since all of my web applications are using Azure App Service!
I followed the instructions at Create a free managed certificate, and with few clicks I was able to generate all the certificates and bind the certificates to respective custom domains.
The free App Service managed certificate is a turn-key solution for securing your custom DNS name in App Service. Without any action from you, this TLS/SSL server certificate is fully managed by App Service and is automatically renewed continuously in six-month increments, 45 days before expiration, as long as the prerequisites that you set up stay the same. All the associated bindings are updated with the renewed certificate. You create and bind the certificate to a custom domain, and let App Service do the rest.
I understand it’s little bit of extra work to setup the managed certificates for multiple domains (as opposed to wildcard certificate) but it’s one-time (few minutes) job.
As per documentation, I created a CAA record at my domain registrar (GoDaddy) –
Tested the TLS through Qualys SSLLab and got an “A”! A is good enough for my blog application!
Managed certificates are good for 6 months but I don’t have to do anything after the initial setup. App Service will manage them automatically at no additional cost.
Comments are disabled at the blogs to avoid spams. If you have any feedbacks or comments, you are welcome to contact me over LinkedIn.