4

i am working on hosting a static site in Azure Blob Storage. With an azure cdn it is possible to have a custom hostname and SSL, which suits my needs.

I would like to use let's encrypt and make it renew itself. I suppose a good way to store the certificate would be to use an azure key vault.

I have found a lot of information to do this with azure web apps but none on how I would do this with azure storage.

Can anyone point me in a good direction, tell me how I should do this or point me to a complete solution? That'd be grand!

S. ten Brinke
  • 137
  • 5
  • Is this something you still want to do? Why do you specifically want to use Let's Encrypt? Is it simply because it's free? – ChrisGPT was on strike Feb 14 '20 at 19:33
  • 1
    It appears we get a free certificate from Azure CDN, so this is no longer required. But we want to use let's encrypt because it's free and used in the company often. – S. ten Brinke Feb 17 '20 at 15:02
  • A good reason for using Let's Encrypt is that there are known issues with Azure's free certificate feature, that has been bothering many people for a very long time. Not only doess thing get stuck in "Pending" state, but at the time of this writing, if you delete something in a pending state thinking that trying again will work, you get an 8 hour cooldown per endpoint. See for example: https://docs.microsoft.com/en-us/answers/questions/44917/azure-cdn-endpoint-stuck-on-pending-domain-validat.html – Kent Munthe Caspersen Feb 04 '21 at 10:05

1 Answers1

0

Basically, you'll need to use A-record to CDN endpoint resource and create cdnverify CNAME to the endpoint host. Read the full walkthrough on https://ssmertin.com/articles/exposing-azure-storage-on-domain-apex-with-letsencrypt-ssl/

nefo_x
  • 121
  • 4