SSL Cert broken for FSSnip website. #82

Open
Tombert opened this issue Apr 6, 2017 · 5 comments

Comments

@Tombert
Tombert commented Apr 6, 2017

Howdy all... The title basically says everything. Here is a screenshot:

[Screenshot: screen shot 2017-04-06 at 4 53 57 pm]

@tpetricek
Member

Hmm, I'm not sure what is the best option for us here. The site is hosted on Azure as an Azure Web Site. Is there some simple guide for configuring https in this scenario?

@rmunn
Contributor

rmunn commented Aug 1, 2017

https://docs.microsoft.com/en-us/azure/app-service-web/app-service-web-tutorial-custom-ssl says that you need to be at least at the Basic tier of service to use your own SSL certificate; Free and Shared tiers only allow you access to one of Azure's *.azurewebsites.net wildcard certs (which is what the fssnip.com website currently has, hence the warning because the DNS name doesn't match the cert's common name).

Getting free SSL certificates is no longer a problem thanks to https://letsencrypt.org/, but if you're trying to not pay too much for the fssnip.net site, then you might not want to upgrade to the Basic tier. Maybe the F# Software Foundation might be willing to help pay for the site to be upgraded to the Basic tier? It would be an ongoing expense, so they might or might not want to do it, but it's probably worth considering asking them about it.

@tpetricek
Member

tpetricek commented Aug 1, 2017 via email

@rmunn
Contributor

rmunn commented Aug 2, 2017

Depends on whether Azure gives you shell access so you can run command-line tools. If you have shell access, then https://letsencrypt.org/getting-started/ is probably the best guide to using their certbot script that does pretty much all the steps for you. (Though it's worth reading the documentation to understand what is happening, so that you can make sure that the cert is properly renewed every 90 days.)

If you don't have shell access, then https://manurevah.com/blah/en/p/Letsencrypt-Manual-mode looks like a pretty decent guide to running the Let's Encrypt client in manual mode. The gist of manual mode is: you create the certificate request. Then the Let's Encrypt server asks you to prove that you control the domain, by putting a certain piece of (randomly-generated) data into a publicly-accessible URL like http://example.com/.well-known/acme-challenge/long-string-of-random-letters. You set that up, then tell the server "Okay, verify me". They verify that that URL does contain the right piece of data, which proves that you do control that domain, and then they issue you a standard SSL certificate, which you then upload to your hosting provider via whatever steps your provider wants you to use for uploading a certificate. (For Azure, it looks like this is how you upload an SSL cert.)

NOTE: I haven't done any of this myself yet, just heard from colleagues that it was pretty easy. So I can't guarantee that those are the best or easiest-to-follow guides out there: there may be others that I missed. But that should hopefully be enough to get you started.
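
Added example (not part of the original thread, and not code from Let's Encrypt or certbot): an offline model of the HTTP-01 check described in the comment above, following RFC 8555, showing what the data served at the challenge URL is and how the CA compares it. The account key values, the `fetch` callback and the in-memory web root are constructed for illustration.

```python
import base64, hashlib, json, secrets

CHALLENGE_PREFIX = "/.well-known/acme-challenge/"

def b64url(data: bytes) -> str:
    """Unpadded base64url, the encoding ACME and JOSE use."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required key members only, sorted, no whitespace."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def key_authorization(token: str, account_jwk: dict) -> str:
    """Body the applicant serves: the CA's token, a dot, the account key thumbprint."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"

def ca_validate(token: str, account_jwk: dict, fetch) -> bool:
    """CA side: fetch the challenge URL and compare it with the expected body."""
    body = fetch(CHALLENGE_PREFIX + token)  # hypothetical callback: path -> str or None
    if body is None:
        return False
    expected = key_authorization(token, account_jwk)
    # Trailing whitespace is ignored; the comparison is constant-time.
    return secrets.compare_digest(body.rstrip().encode(), expected.encode())

# Constructed public account key: x and y are placeholder bytes, not a real key.
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256", "use": "sig",
               "x": b64url(b"\x01" * 32), "y": b64url(b"\x02" * 32)}
OTHER_JWK = dict(ACCOUNT_JWK, x=b64url(b"\x03" * 32))

def demo() -> dict:
    token = b64url(secrets.token_bytes(32))  # random token chosen by the CA
    path = CHALLENGE_PREFIX + token
    webroot = {path: key_authorization(token, ACCOUNT_JWK) + "\n"}  # simulated site
    return {
        "correct_file": ca_validate(token, ACCOUNT_JWK, webroot.get),
        "file_missing": ca_validate(token, ACCOUNT_JWK, {}.get),
        "token_only": ca_validate(token, ACCOUNT_JWK, {path: token}.get),
        "other_account": ca_validate(token, OTHER_JWK, webroot.get),
    }

if __name__ == "__main__":
    print(demo())
```

The `other_account` case shows that the served file is bound to the requester's account key, so a challenge file produced for a different account does not validate.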

@ssimontis

Check out this repo for a tool that should make this fairly straightforward. If you need help, I do plenty of DevOps stuff and can lend a helping hand.
