Manually Updating a Let’s Encrypt Certificate for an Azure Web App

If you are making use of a Let’s Encrypt certificate (see installation instructions here) to secure the connection to your Azure Web App this certificate should auto-renew every three months.

However, sometimes it does not. In that case follow the instructions below to renew the certificate manually.

1. Connect to Azure Portal (portal.azure.com).

2. Navigate to your Web App via App Services.

3. Navigate to Development Tools| Extensions

4. Klik on the Azure Let’s Encrypt extention

Click on Browse

5. Now the Azure Let’s Encrypt configuration page will open for your Web App (https://<App Service name>.scm.azurewebsites.net/letsencrypt/).
Scroll the page down until you get to the Automated Installation-section.

Click Next

6. Verify by checking the expiration dates of the certificates that a new certificate has been installed.

Click Next.

7. Select the hostname to be affected.

Click Request and Install certificate.

After about a minute the page will show that the new certificate has been successfully installed (this can be verified by inspecting the secure lock icon in the address bar of the browser page of your website).

8. Next step is to clean up the expired certificates from your Web App. First click on the secure lock icon in the address bar of your browser when you are on your web site and choose to display the details of the certificate.

Find the Thumbprint-field of the certificate as depicted below.

The certificate with this thumbprint must not be deleted from Azure (see instructions below).

9. Now navigate to your Web Service in Azure | Settings | TLS/SSL settings | Private Key Certificate

Remove the expired certificates (and other certificates which are not in use) by clicking the ellipses after each certificate you want to remove and choosing Delete.

Note: Leave at least the active certificate identified by the thumbprint from the prvious step!

10. Now restart the Web Sevice and check the web site to make sure everything is working as expected.

Leave a Reply

Your email address will not be published. Required fields are marked *