Archive for the 'Web Stuff' Category

Azure CDN Endpoint Certs Bummer

I have a site (Michael’s World) that uses an Azure CDN Endpoint.  I have shared here before that you can use this to share static web content.  I had it set up with the apex/root domain and went to update the cert.  (You have to bring your own cert or pay for a cert for the apex/root.)
When I went to renew, I couldn’t get it to work. I kept getting an error:

Failed to update custom domain properties

Sorry, it looks like there was an error on our end. Please contact Support if you keep having this problem.

Turns out, Azure supports "Let’s Encrypt X3".  Unfortunately, Let’s Encrypt isn’t using that anymore.  They are using “Let’s Encrypt R3” as of December 8th, 2020.   Looks like I am out of luck on the apex/root cert until Microsoft updates support.

Redirect Http to Https using Azure CDN

In my recent efforts to move my one page, static content website, I have had a few challenges.  First let me say, those challenges were most certainly due to my ignorance, and not due to the technology in use.  Also, some of my issues are related to trying to make a simple task more complicated than it needs to be (for learning purposes, not for contrariness).

First, it is really easy to set up a static website using an Azure Storage Account.  If you don’t care about the URL used to access it, the process can be done in a matter of minutes.

So, to make it take longer, and be more complicated, I first set it to require HTTPS.  Then, I wanted to use my own domain name.  Then I didn’t want to have to put in ‘www’ at the beginning, and lastly, I wanted to be able to get to it without remembering to type https at the beginning of the URL.

There are many tutorials and walkthroughs on how to do all of this, so I am just going to point out the thing I didn’t realize until the end.  The CDN endpoint has a ‘Rules Engine’.  You can set some complicated rules, but the one I needed was very simple.  If the request comes in as HTTP, redirect to HTTPS.  Easy, and it worked the first time.  How about that?


Finally got it all working

I have been on a quest the past few days to move one of my websites to Azure.  Overall, it isn’t really that difficult, but it also isn’t very clear.

First, I created an Azure Storage Account, and enabled it for static website capability.  Then, because I don’t like easy, I enabled it for HTTPS/TLS 1.2.  That means it needs a certificate.  Good news!

Azure CDN can be used to front your static website and provide the HTTPS function.  It will even create and manage the cert for free!

Except, it can’t / won’t do that for apex/root domains.  So you have to use the www (or something less obvious) or bring your own cert.

Good news!  Let’s Encrypt has free certs!  But they expire every 90 days. 

I have a few months to go buy a longer lived cert, or build a way to more effectively and efficiently update the Let’s Encrypt cert.

Wish me luck!

Let’s Encrypt

As I posted previously, I am working on moving all of my websites to Azure.  I started with the easiest one, which is a static page.  So far, I have moved it, and it is now reachable via HTTPS, but not without the ‘www’.  While that isn’t important for that particular site, it is important for this site, because there are at least 10 links to this site from external pages.  (Mostly people who copied the wrong link when they got lost and found themselves here, but still…)

If you haven’t heard about it:

“Let’s Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG).”

Since I am not making money off of any of my sites, I am happy with the ‘free’ price.

Let’s Encrypt is geared toward making certificate renewal easy and automated.  As I have mentioned before, easy doesn’t always work for me. 

The way you work with Let’s Encrypt is via software running the ‘ACME protocol’.  In this case, ACME is Automatic Certificate Management Environment.  In this post, we are going to remove as much of the ‘Automatic’ as possible.

First up, I am a Windows guy, and at the moment, I am really not interested in automating the certificate process.  (I will be later, but not today.)  So I first download the Certbot installer for Windows at

and then get complained at by my computer because this isn’t often downloaded, and looks funny.

Once you install it, navigate to the install directory and run the ‘run.bat’.  It wants to run elevated, and begins with the friendly instruction to run ‘certbot’ commands here, and tells you how to find help:

To get to where I need to go, I need to do the Cert only option:


Enter your email, agree to the Terms of Service, agree to be emailed (or not) by EFF, and then enter your domain names.


Fun fact, they log the IP requesting the cert.  I am requesting it from a computer that is NOT the host for my domain.  Also, I need to get the cert to make the root work, so I need to use the DNS challenge.  To get to that, I needed to run ‘certbot --manual --preferred-challenges dns’.  After running that, it gives me a DNS TXT entry to add, which will verify I own the domain.  Once the text value is entered, hit enter to continue, and get your cert:

Skip the www (part 2)

Many moons ago, I figured out how to get my websites to be accessible without the www subdomain.  When I recently moved one of my three websites to Azure, I didn’t immediately solve that problem.  As the website isn’t ever visited and isn’t important, this isn’t an issue, but I do want to solve it going forward.

So here is the next tutorial…

As I posted about previously (here), I moved that site using Azure Storage static websites, and put it behind a CDN so I could have https, and my own custom domain associated with it.  In this post, we are going to ‘Configure an alias record to support apex domain names (with CDN) Traffic Manager’.  The article is written for Traffic Manager, but we are going to use the same article for CDN.

The important part is the “Create an alias record”.  You can do this if your DNS is hosted in Azure (mine is).  Go into your DNS zone, click on the + to add a record set.  When it comes up, leave the name blank and click ‘Alias record set’.  When you do that, you get some options.  For this instance, we are looking at the Azure resource alias type.


Be sure to select the correct subscription, and the correct Azure resource.  Notice that a CNAME record for apex domain onboarding will be created to verify the domain.


After that, I tried to go back to the CDN and enable the Custom Domain HTTPS for the apex (root) domain.  Evidently that is no longer supported:


Guess that means I need to ‘bring my own’.  That is going to be another post.


I currently own 3 domains, one of which you are visiting now.  Another domain I own is much less useful, and really was the result of a joke.

I have until now hosted it on a Windows Server, and wanted to move it to Azure.  It isn’t very complicated, as it is just a single page.  I had help building it many years ago, and the key element on the page was a (yuck) Flash image.

So I started out the afternoon with the desire to move it to Azure, into a storage account, and serve it up as static web content.  Easy.  No problem.  Except…

The original home doesn’t have https.  Why would it?  It is around 15 years old and has a single static page.

It also has a Flash swf as the primary element.  Well, that isn’t good.

I also don’t like to do things the easy way, because I like to take easy things and  use them to understand more complicated concepts.

So… here goes:

First to fix the page, so that it isn’t using flash.  I could just put a static image, but in this case, that just feels wrong.  So in a ‘flash’ of brilliance, I asked my friend which tool he uses/recommends for creating gif files.  He said he uses ‘gifcam’ and then since I asked him he went and found another one in just a few minutes.  He now uses (and I used) ‘screentogif’.  You can find it with a quick search.

So I used screentogif to record the swf and then save it as a gif.  (Link to the results at the bottom).  One problem down, two (at least) to go.

Next I went through this tutorial (sort of) to figure out how to configure Blob Storage to host static web content. 

So I created the storage account, enabled Static website, and set the default document name.  I already had content, so I didn’t need the ‘hello world’ part.  I was going to work on integrating this deployment into a CI/CD pipeline, but bailed on it because I found a link on the page that needed to be updated (it wasn’t safe for work, though it had been originally).  I needed to get this deployed and replace the current site.

Using VS Code to deploy works very well per the tutorial.  I will work on the CI/CD part for one of the other sites I need to move.

Next problem, repointing my DNS.  Easy, just follow the next tutorial.  Which is where I hit the problem with HTTPS vs HTTP.  I could easily just not require a secure connection and get it to work, but I want to move my stuff to HTTPS because it is good practice.

But to do that you have to enable Azure CDN for your blob or web endpoint.  So on to the next article.  At least Microsoft is getting better with their documentation, and this part is pretty straightforward.  Once you follow a couple of steps, you get your content served up via CDN over HTTPS.

Next, we need to add the custom domain to the CDN endpoint.  That article is here.  In the article, it talks about how to do a temporary mapping to avoid down time.  None of my sites are critical.  Downtime isn’t an issue, so I skipped that part.

Once I swapped over to the CDN location, the site was available via HTTPS, but there was a certificate error.  To fix this, click on the CDN Custom Domain, and turn on the custom domain HTTPS.  It is evidently free and managed by Azure.


That process takes a few minutes and you should have your CNAME in place before you kick it off, so that you don’t have to wait for an email to authorize it.

I know that this has been a long post, and if I wasn’t lazy, I would break it up into multiple posts, with more pictures.  But, I am lazy, so this is what you get.

What is this CI/CD thing? Let’s do a tutorial!

Well, according to Wikipedia, CI/CD is:

In software engineering, CI/CD or CICD generally refers to the combined practices of continuous integration and either continuous delivery or continuous deployment. CI/CD bridges the gaps between development and operation activities and teams by enforcing automation in building, testing and deployment of applications.

So, of course I get what that is, but frankly, I am not a developer.  If you came here for guidance from a developer, you really got lost.

I do write a decent amount of PowerShell scripts, but nothing on the order of actual development.  I spend a good deal of time trying to understand the weirdness that is the Dev mind, but never enough to get proficient.  In my quest to improve on this blog (and eventually a couple of other sites I have) I am going to work through the tutorial here:

First up, create the CI/CD pipeline.  You do this by signing into Azure, and adding the DevOps Starter.  As you create it, it gives you options to load a new web app with a variety of languages.  For our purposes, we are going to ‘Bring your own code’.


For this, I created a new Repo in DevOps.  When you are choosing your repository, you can select Git, BitBucket or Other Git.  I selected “Other Git”, and entered the repository URL.  It is mine, not yours, so it is private, and I need to enter credentials:

To get the URL and credentials, in Azure DevOps, go to Clone your repository, and copy the hyperlink and click on the ‘Generate Git Credentials’ button.  Copy all of that over to the Code repository screen.

I am going to choose a non-Dockerized ASP .NET Core Framework, and a Windows Web App.


For the create step, you can name everything.  If you click on additional settings, you can change the pricing tier.


Once you do that, it will deploy.  This creates a DevOps Project, an Azure Resource Group for the DevOps Starter and applicable resources in the Resource Group you gave it for the deployed solution. 

I actually went through this a few different times to fully understand what I was doing.  I don’t work in a development role, but I do enjoy building stuff.  It can be a bit much to understand/remember/follow if it isn’t something you either need or do often.  Don’t forget to remove any resources you create for this that you aren’t planning on continuing to use.  If you are new to Azure, you can get some free credits to help you learn.  It can get expensive if you aren’t paying attention to what you are doing.

Revisiting my Blog

I have spent a decent amount of time over the years, trying to convince myself to spend some time on my blog.  I have updated the OS of the VM that runs it.  I have migrated from whatever platform I started on (I think I had two different ones going at one point.)

I have once again gotten interested in blogging.  I have a colleague who started blogging.  You can find him here.  He is a bit easier to read than my stuff.

I am going to try getting into this again.  I have started down a couple of parallel paths.  This is a normal (bad) habit I have.  I get distracted by all the possibilities and become locked in an endless loop. 

For this go around, I have already stood up a dev instance of this blog in Azure.  It didn’t take long at all, and I was distracted (by real life) and didn’t spend more than a few minutes on it at a time.  I am also about to embark on a quest to use a bunch of the things that I am trying to work with in my normal job, to take this blog to the next level (ha).

As of this writing, this blog has some behind the scenes updates that need to occur.  The MySql and PHP are not as up to date as they should be, and I only just got the WordPress version updated.  My last post was 19 months ago.  I can fix that by posting this.
I am working on a team that is moving to a Scaled Agile approach to our work.  I am in infrastructure, and DevOps/SAFe/Agile are all just a bit more challenging concepts to apply to infrastructure than to traditional dev workflows.  I am excited about this change, and my role in it, and it is still challenging.

So to wrap up the rambling speech to myself, my intent is to:

  • Move this blog to Azure
  • Add SSL (because it should be)
  • Track my work in Azure DevOps
  • Deploy via Visual Studio
  • Have a test/dev and production version
  • Add a few more posts to this blog
  • Learn

Thanks for reading.  See you at the next post.

Still not there

A while back, I said I was making progress on migrating this blog to Azure.  In case you care, I didn’t.

I was really interested in doing so for a little while, but got busy on other things, and … lost interest.  I am interested again, so maybe this time I will make it.

The capabilities are there, but my skills are not.  Mainly because I never take the time to just get it done.  I really enjoy technology, but I get distracted easily.  Also, like a mechanic’s car, my technology use is always a bit ugly.

A while back, I made a list of topics that I wanted to blog about.  I didn’t make it very far on that stuff.  Maybe 2018 will be a better year for that stuff.

Not quite yet…

So the other day I said that I was moving this blog to Azure.  I have tinkered with that, and am actually making a little progress.  (This happens when you put little effort/time into something).  I decided to bring it back up where it was in order to do an easier transfer of the image content.  We shall see how that works out.  Wish me luck…