You can now protect your custom DNS name with a free SSL Certificate from Microsoft.
Microsoft announced that Azure App Services (Web Apps) are now entitled to a free SSL Certificate provided by Microsoft. Your App Service Plan needs to be a B1 or larger (Free and Shared tiers do not support SSL).
The free App Service Managed Certificate is a turn-key solution for securing your custom DNS name in App Service. It's a fully functional SSL certificate that's managed by App Service and renewed automatically. The free certificate comes with the following limitations:
Does not support wildcard certificates.
Does not support naked domains.
Is not exportable.
Does not support DNS A-records.
The free certificate is issued by DigiCert. For some top-level domains, you must explicitly allow DigiCert as a certificate issuer by creating a CAA domain record with the value: 0 issue digicert.com.
Create a Website with a Certificate
Deploy and App Service
Firstly deploy an App Service Plan, and an App Service, and then browse to the Web App in the portal.
Copy the App Service URL to your clipboard
Configure DNS
Next, add a CNAME record to your DNS provider, and paste the URL as the destination CNAME, you will need to remove the https:// prefix. In my example, I created the CNAME record freessl.micahjardine.com.
Confirm the Domain in the App Service
Go back to your App Service and select on Custom Domains, enter your custom domain and click validate, if DNS has replicated your domain will be confirmed.
Create your free certificate
Go to TLS/SSL Settings, check the Private Key Certificates Tab, and click on Create App Service Managed Certificate
Once the certificate is created you will be able to see it under the Private Key Certificates
Add SSL Binding
Back in Custom Domains, add the SSL Binding to your website and select the certificate you just created. Don't forget to press Validate
If you browse back to the Overview you can now see the URL for your web app, click on the URL to browse to your website.
SSL Verification
Your website will now be protected by SSL with valid public certificate, which is completely managed by the app service!