You’ve received an email reminding you that an SSL/TLS certificate is about to expire or, worse, you discover the certificate has already expired. First, you remember how this happened last year. Second, you desperately search to find which certificate authority you used for this certificate, and where you stored the username and password. Next, you seek authorisation for the expense, raising a purchase order and obtaining approvals. Finally, you begin the arduous task of updating all the systems using this certificate, without the process document you said you’d write last year.
In this article, we’ll explore how to automate SSL/TLS certificate issuance on Microsoft Azure with Let’s Encrypt. Let’s Encrypt are a certificate authority with a mission to enable ubiquitous usage of HTTPS across the internet by providing free SSL/TLS certificates.
The Automated Certificate Management Environment (ACME) protocol is designed to automate certificate issuance. The cost of operations with ACME is so small that certificate authorities such as Let’s Encrypt offer genuine, trusted certificates for free. Considering certificate authorities usually charge hundreds of dollars per certificate, the effort to utilise ACME becomes very cost effective. However, as ACME is entirely automated, it’s unable to offer Extended Validation (EV) certificates; for most situations, standard Domain Validation (DV) certificates are well suited.