Archive for the 'Azure' Category

Azure CDN Endpoint Certs Bummer

I have a site (Michael’s World) that uses an Azure CDN Endpoint.  I have shared here before that you can use this to share static web content.  I had it setup with the apex/root domain and went to update the cert.  (You have to bring your own cert or pay for a cert for the apex/root).
When I went to renew, I couldn’t get it to work. I kept getting an error:

Failed to update custom domain properties

Sorry, it looks like there was an error on our end. Please contact Support if you keep having this problem.

Turns out, Azure supports "Let’s Encrypt X3".  Unfortunately, Let’s Encrypt isn’t using that anymore.  They are using “Let’s Encrypt R3” as of December 8th, 2020.   Looks like I am out of luck on the apex/root cert until Microsoft updates support.

Redirect Http to Https using Azure CDN

In my recent efforts to move my one page, static content website, I have had a few challenges.  First let me say, those challenges were most certainly due to my ignorance, and not due to the technology in use.  Also, some of my issues are related to trying to make a simple task more complicated than it needs to be (for learning purposes, not for contrariness).

First, it is really easy to setup a static website using an Azure Storage Account.  It really can be done in just a few minutes.  If you don’t care about the URL used to access it, the process can be done in a matter of minutes.

So, to make it take longer, and be more complicated, I first set it to require HTTPS.  Then, I wanted to use my own domain name.  Then I didn’t want to have to put in ‘www’ at the beginning, and lastly, I wanted to be able to get to it without remembering to type https at the beginning of the URL.

There are many tutorials and walk throughs on how to do all of this, so I am just going to point out the thing I didn’t realize until the end.  The CDN endpoint has a ‘Rules Engine’.  You can set some complicated rules, but the one I needed was very simple.  If the request comes in as HTTP, redirect to HTTPS.  Easy, and it worked the first time.  How about that?


Finally got it all working

I have been on a quest the past few days to move one of my websites to Azure.  Overall, it isn’t really that difficult, but it also isn’t very clear.

First, I created an Azure Storage Account, and enabled it for static website capability.  Then, because I don’t like easy, I enabled it for HTTPS/TLS 1.2.  That means it needs a certificate.  Good news!

Azure CDN can be used to front your static website and provide the HTTPS function.  It will even create and manage the cert for free!

Except, it can’t / won’t do that for apex/root domains.  So you have to use the www (or something less obvious) or bring your own cert.

Good news!  Let’s Encrypt has free certs!  But they expire every 90 days. 

I have a few months to go buy a longer lived cert, or build a way to more effectively and efficiently update the Let’s Encrypt cert.

Wish me luck!

Skip the www (part 2)

Many moons ago, I figured out how to get my websites to be accessible without the www subdomain.  When I recently moved one of my three websites to Azure, I didn’t immediately solve that problem.  As the website isn’t ever visited and isn’t important, this isn’t an issue, but I do want to solve it going forward.

So here is the next tutorial…

As I posted about previously (here), I moved that site using Azure Storage static websites, and put it behind a CDN so I could have https, and my own custom domain associated with it.  In this post, we are going to ‘Configure an alias record to support apex domain names (with CDN) Traffic Manager.  The article is written for Traffic Manager, but we are going to use the same article for CDN.

The important part is the “Create an alias record”.  You can do this if your DNS is hosted in Azure (mine is).  Go into your DNS zone, click on the + to add a record set.  when it comes up leave the name blank, click ‘Alias record set’.  When you do that, you get some options.  For this instance, we are looking at the Azure resource alias type.


Be sure to select the correct subscription, and the correct Azure resource.  Notice that a CNAME record for apex domain onboarding will be created to verify the domain.


After that, I tried to go back to the CDN and enable the Custom Domain HTTPS for the apex (root) domain.  evidently that is no longer supported:


Guess that means I need to ‘bring my own’.  That is going to be another post.


I currently own 3 domains, one of which you are visiting now.  Another domain I own is much less useful, and really was the result of a joke.

I have until now hosted it on a Windows Server, and wanted to move it to Azure.  It isn’t a very complicated as it is just a single page.  I had help building it many years ago, and the key element on the page was a (yuck) Flash image. 

So I started out the afternoon with the desire to move it to Azure, into a storage account, and serve it up as static web content.  Easy.  No problem.  Except…

The original home doesn’t have https.  Why would it?  It is around 15 years old and has a single static page.

It also has a Flash swf as the primary element.  Well, that isn’t good.

I also don’t like to do things the easy way, because I like to take easy things and  use them to understand more complicated concepts.

So… here goes:

First to fix the page, so that it isn’t using flash.  I could just put a static image, but in this case, that just feels wrong.  So in a ‘flash’ of brilliance, I asked my friend which tool he uses/recommends for creating gif files.  He said he uses ‘gifcam’ and then since I asked him he went and found another one in just a few minutes.  He now uses (and I used) ‘screentogif’.  You can find it with a quick search.

So I used screentogif to record the swf and then save it as a gif.  (Link to the results at the bottom).  One problem down, two (at least) to go.

Next I went through this tutorial (sort of) to figure out how to configure Blob Storage to host static web content. 

So I created the storage account, enabled Static website, and set the default document name.  I already had content, so I didn’t need the ‘hello world’ part.  I was going to work on integrating this deployment into a CI/CD pipeline, but bailed on it because I found a link on the page that needed to be updated (it wasn’t safe for work, though it had been originally).  I needed to get this deployed and replace the current site.

Using VS Code to deploy works very well per the tutorial.  I will work on the CI/CD part for one of the other sites I need to move.

Next problem, repointing my DNS.  Easy, just follow the next tutorial.  Which is where I hit the problem with HTTPS vs HTTP.  I could easily just not require a secure connection and get it to work, but I want to move my stuff to HTTPS because it is good practice.

But to do that you have to enable Azure CDN for your blob or web endpoint.  So on to the next article.  At least Microsoft is getting better with their documentation, and this part is pretty straight forward.  Once you follow a couple of steps, you get your content served up via CDN over HTTPS. 

Next, we need to add the custom domain to the CDN endpoint.  That article is here.  In the article, it talks about how to do a temporary mapping to avoid down time.  None of my sites are critical.  Downtime isn’t an issue, so I skipped that part.

Once I swapped over to the CDN location, the site was available via HTTPS, but there was a certificate error.  to fix this, click on the CDN Custom Domain, and turn on the custom domain HTTPS.  It is evidently free and managed by Azure.


That process takes a few minutes and you should have your CNAME in place before you kick it off, so that you don’t have to wait for an email to authorize it.

I know that this has been a long post, and if I wasn’t lazy, I would break it up into multiple posts, with more pictures.  But, I am lazy, so this is what you get.

What is this CI/CD thing? Let’s do a tutorial!

Well, according to Wikipedia, CI/CD is:

In software engineering, CI/CD or CICD generally refers to the combined practices of continuous integration and either continuous delivery or continuous deployment. CI/CD bridges the gaps between development and operation activities and teams by enforcing automation in building, testing and deployment of applications.

So, of course I get what that is, but frankly, I am not a developer.  If you came here for guidance from a developer, you really got lost.

I do write a decent amount of PowerShell scripts, but nothing on the order of actual development.  I spend a good deal of time trying to understand the weirdness that is the Dev mind, but never enough to get proficient.  In my quest to improve on this blog (and eventually a couple of other sites I have) I am going to work through the tutorial here:

First up, create the CI/CD pipeline.  You do this by signing into Azure, and adding the DevOps Starter.  As you create it, it gives you options to load a new web app with a variety of languages.  For our purposes, we are going to ‘Bring your own code’.


For this, I created a new Repo in DevOps.  When you are choosing your repository, you can select Git, BitBucket or Other Git.  I selected “Other Git, and entered the repository URL.  It is mine, not yours so it is private, and I need to enter credentials:

To get the URL and credentials, in Azure DevOps, go to Clone your repository, and copy the hyperlink and click on the ‘Generate Git Credentials’ button.  Copy all of that over to the Code repository screen.

I am going to chose a non-Dockerized ASP .NET Core Framework, and a Windows Web App.


For the create step, you can name everything.  If you click on additional settings, you can change the pricing tier.


Once you do that, it will deploy.  This creates a DevOps Project, an Azure Resource Group for the DevOps Starter and applicable resources in the Resource Group you gave it for the deployed solution. 

I actually went through this a few different times to fully understand what I was doing.  I don’t work in a development role, but I do enjoy building stuff.  It can be a bit much to understand/remember/follow if it isn’t something you either need or do often.  Don’t forget to remove any resources you create for this that you aren’t planning on continuing to use.  If you are new to Azure, you can get some free credits to help you learn.  It can get expensive if you aren’t paying attention to what you are doing.