Archive for October 9th, 2020

Finally got it all working

I have been on a quest the past few days to move one of my websites to Azure.  Overall, it isn’t really that difficult, but it also isn’t very clear.

First, I created an Azure Storage Account, and enabled it for static website capability.  Then, because I don’t like easy, I enabled it for HTTPS/TLS 1.2.  That means it needs a certificate.  Good news!

Azure CDN can be used to front your static website and provide the HTTPS function.  It will even create and manage the cert for free!

Except, it can’t / won’t do that for apex/root domains.  So you have to use the www (or something less obvious) or bring your own cert.

Good news!  Let’s Encrypt has free certs!  But they expire every 90 days. 

I have a few months to go buy a longer lived cert, or build a way to more effectively and efficiently update the Let’s Encrypt cert.

Wish me luck!

Let’s Encrypt

As I posted previously, I am working on moving all of my websites to Azure.  I started with the easiest one, which is a static page.  So far, I have moved it, and it is now reachable via HTTPS, but not without the ‘www’.  While that isn’t important for that particular site, it is important for this site, because there are at least 10 links to this site from external pages.  (Mostly people who copied the wrong link when they got lost and found themselves here, but still…)

If you haven’t heard about it:

“Let’s Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG).”

Since I am not making money off of any of my sites, I am happy with the ‘free’ price.

Let’s Encrypt is geared toward making certificate renewal easy and automated.  As I have mentioned before, easy doesn’t always work for me. 

The way you work with Let’s Encrypt is via software running the ‘ACME protocol’.  In this case, ACME is Automatic Certificate Management Environment.  In this post, we are going to remove as much of the ‘Automatic’ as possible.

First up, I am a Windows guy, and at the moment, I am really not interested in automating the certificate process.  (I will be later, but not today.)  So I first download the Certbot installer for Windows at

https://dl.eff.org/certbot-beta-installer-win32.exe

and then get complained at by my computer because this isn’t often downloaded, and looks funny.

Once you install it, navigate to the install directory and run the ‘run.bat’.  It wants to run elevated, and begins with the friendly instruction to run ‘certbot’ commands here, and tells you how to find help.

To get to where I need to go, I need to do the Cert only option.

Enter your email, agree to the Terms of Service, agree to be emailed (or not) by EFF, and then enter your domain names.

Fun fact, they log the IP requesting the cert.  I am requesting it from a computer that is NOT the host for my domain.  Also, I need to get the cert to make the root work, so I need to use the DNS challenge.  To get to that, I needed to run ‘certbot --manual --preferred-challenge dns’.  After running that, it gives me a DNS TXT entry to add, which will verify I own the domain.  Once the text value is entered, hit enter to continue, and get your cert.

Skip the www (part 2)

Many moons ago, I figured out how to get my websites to be accessible without the www subdomain.  When I recently moved one of my three websites to Azure, I didn’t immediately solve that problem.  As the website isn’t ever visited and isn’t important, this isn’t an issue, but I do want to solve it going forward.

So here is the next tutorial…

As I posted about previously (here), I moved that site using Azure Storage static websites, and put it behind a CDN so I could have https, and my own custom domain associated with it.  In this post, we are going to ‘Configure an alias record to support apex domain names (with CDN) Traffic Manager’.  The article is written for Traffic Manager, but we are going to use the same article for CDN.

The important part is the “Create an alias record”.  You can do this if your DNS is hosted in Azure (mine is).  Go into your DNS zone, click on the + to add a record set.  When it comes up, leave the name blank and click ‘Alias record set’.  When you do that, you get some options.  For this instance, we are looking at the Azure resource alias type.

Be sure to select the correct subscription, and the correct Azure resource.  Notice that a CNAME record for apex domain onboarding will be created to verify the domain.

After that, I tried to go back to the CDN and enable the Custom Domain HTTPS for the apex (root) domain.  Evidently that is no longer supported.

Guess that means I need to ‘bring my own’.  That is going to be another post.

 https://theworldrevolvesaroundmichael.com/