It happened – an expired SSL certificate broke https security for the website! The Azure Web Job to automatically renew the quarterly LetsEncrypt SSL Certificate did not work (for a number of reasons, one being that an old subscription and deleted unused service principal’s information were still registered in the Application Settings for LetsEncrypt) and the website was now only avaible via http. Yikes!

1. Multiple attempts to set up a new LetsEncrypt SSL certificate for the website kept giving the error that the ‘old’ service principal wouldn’t work, even though all available configuration settings and storage account web jobs information had been changed and updated:

2. After multiple unsuccessful attempts we tried buying an Azure SSL certificate – but that too didn’t work!

3. So we decided to buy an SSL certificate from a CA (certificate Authority) that we had used in the past. But, now how to quickly generate the required CSR (certificate signing request) without access to a server since there is no access the underlying server(s) of a PaaS Azure App Service Plan? Digicert Utility to the rescue!

4. Instructions say to download and install Digicert Utility on ‘your server’ – do we now have to get access to a VM web server to do this? NO!!

5. Turns out we were able to use the Digicert Utility on a W10 client, even without IIS installed, to generate the CSR, AND import, then export the purchased SSL in .PFX format, ready to be installed onto the website. The underlying machine platform information where Digicert Utility is installed is NOT captured on the CSR, or the exported ssl certificate!