SSL encryption for everyone

06.07.2018 by robert@riwa4.de

Let's Encrypt guide

These days, every website must be accessible via SSL (i.e. https://...); everything else is considered insecure by browsers, and I have also read that this would be mandatory according to the European General Data Protection Regulation.

To achieve this, you usually buy a certificate, which costs around 50 EUR per year for a site like robert-brands.com. That's still bearable, and that's how I did it for this site.


However, if you also want to secure subdomains like admin.robert-brands.com, you need another certificate. At some point, a so-called wildcard certificate, which can be used for all sites according to the *.robert-brands.com pattern, is worthwhile. However, this costs more than 200 EUR. And if you have other domain names, you need more certificates. So that's going to really cost you money.

"Let's Encrypt" provides a remedy here.

The idea of Let's Encrypt is to make certificates available to everyone for free. However, the certificates are only valid for 3 months, and you are expected to set up a mechanism for automatic renewal. On the documentation page you will find a detailed description of how this is implemented for different operating systems or, for example, for WordPress.

Azure Web Sites unfortunately don't support Let's Encrypt yet, but a diligent developer has built a corresponding site extension. The installation is a bit fiddly; Scott Hanselman has described the whole thing in a handier way.

I got along well with his description when I tried the whole thing. It's also worth reading the comments; there are some more hints there. In any case, this site now also supports robert-brands.de and not only robert-brands.com via SSL. Now I just have to wait and see if the automatic renewal of the certificate works in three months...

[Update 24.7.2018] If you work with deployment slots, e.g. to deploy a new version of the web app into the staging slot and then swap it with the production slot, you have to be careful: you have to bind the application settings to the production slot or repeat them in all slots. In addition, the WebJob created by Let's Encrypt will be lost. It will be created again when you update the extension in the web app. After that, everything is up and running again. Overall, however, it is unsatisfactory, and it is to be hoped that Azure will offer support for Let's Encrypt at some point.
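
A renewal check for the situation described above, where 3-month certificates depend on an automatic renewal job that can silently disappear (added example, not from the original post or the site extension). The 30-day threshold, the function names and the sample certificate are assumptions constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

RENEW_THRESHOLD_DAYS = 30  # assumption: alert once fewer than 30 days remain

def fetch_cert(host, port=443, timeout=10):
    """Live path: return the validated peer certificate as a dict.
    An already expired certificate makes the handshake itself fail."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def days_remaining(cert, now=None):
    """Whole days until the certificate's notAfter date (negative if past)."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    return (expires - now).days

def covers(cert, host):
    """True if host matches a DNS subjectAltName; a wildcard covers one label."""
    host = host.lower()
    for kind, name in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        name = name.lower()
        if name == host:
            return True
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False

def renewal_status(cert, host, now=None):
    """Classify as 'ok', 'renewal-overdue', 'expired' or 'name-mismatch'."""
    if not covers(cert, host):
        return "name-mismatch"
    left = days_remaining(cert, now)
    if left < 0:
        return "expired"
    return "renewal-overdue" if left < RENEW_THRESHOLD_DAYS else "ok"

# Constructed sample in the shape getpeercert() returns (not real data).
SAMPLE = {"notAfter": "Oct  4 12:00:00 2018 GMT",
          "subjectAltName": (("DNS", "robert-brands.com"), ("DNS", "robert-brands.de"))}

if __name__ == "__main__":
    check_time = datetime(2018, 9, 20, 12, 0, tzinfo=timezone.utc)  # constructed date
    for h in ("robert-brands.com", "robert-brands.de", "admin.robert-brands.com"):
        print(h, renewal_status(SAMPLE, h, check_time))
```

For a live check, pass `fetch_cert(host)` instead of `SAMPLE` and run it on a schedule outside the web app, so that a lost renewal job is noticed before the certificate expires.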