When you create an Azure Web app, you are given an Azure website URL like mine fanray.azurewebsites.net, in this post I will
- Use my custom domain fanray.com instead of fanray.azurewebsites.net
- Buy an SSL certificate so my site URL can use HTTPS instead of HTTP
To map a custom domain the App Service you chose cannot be in the Free tier, in my last post Set up Fanray on Azure App Service I chose the Basic tier.
Start by first find your site IP address. Go to Azure Portal > your App Service > Settings > Custom domains.
Mapping a custom domain basically requires you to create 3 DNS records at your domain registrar,
- an A record, where A stands for Address, it deals with IP address and there should be one maps your root domain to your site IP
- another A record maps all subdomains to your IP or a CNAME record, where C stands for Canonical, it’s used as an alias often pointing the www subdomain to root domain
- a TXT record commonly used for verification purpose, App Service uses this record only at configuration time, to verify that you own the custom domain
After all three records have been created at my registrar, my DNS looks like this,
Go back to Azure Portal, Custom domains, click on Add hostname, enter and validate both fanray.com and www.fanray.com.
HTTPS is important not only because of security but also because Google prefers HTTPS as a ranking signal.
Buy an SSL Certificate on Azure
You can buy an SSL certificate directly on Azure for $69.99/yr Standard or $299.99/yr Wild Card. Both covers only a single domain, the Standard will cover both the root domain and www subdomain, while the Wild Card can give you other subdomains, say you want blog.mysite.com.
If you need a certificate that covers multiple domains, currently you have to buy it else where, one option would be Digicert’s Multi-Domain (SAN) Certificates. Then you would need to manually upload the certificate to Azure.
Also be aware if you buy the certificate on Azure and you are using a subscription, your purchase will be charged towards your monthly credit. And if your credit is less than the cost of the certificate, it will cause your subscription to be disabled.
To buy it on Azure, go to https://portal.azure.com/#create/Microsoft.SSL to get started.
Store Cert in Azure Key Vault
It takes a few minutes for the purchase to complete, then it will open the App Service Certificate blade for you. Go to Certificate Configuration and click on Step 1 to store this certificate in Key Vault. During this process, you can choose an existing Key Vault or create a new one. The Standard cost is $0.03/mo.
Verify Domain Ownership
Click on Step 2: Verify
If you bought your domain with Azure you can simply click on verify, otherwise you can verify through an email you receive. The email contains a link clicking on which will take a you to GoDaddy and ask you to approve the certificate. Step 2 will take 5 to 10 minutes to complete on its own. After this completes you will see step 1 to 3 all check marked.
Import Certificate and Create Binding
Finally assign the certificate to your app, go to App Service > SSL certificates > click on Import App Service Certificate
After that add bindings to both root and subdomain, fanray.com and www.fanray.com.
Turn on HTTPS Only
Finally go back to your App Service > Settings > Custom domains, and turn on the HTTPS Only option, this will redirect all HTTP traffic to HTTPS.
- Map an existing custom DNS name to Azure Web Apps
- Buy and Configure an SSL Certificate for your Azure App Service
Thus far I have launched the site live and gotten my custom domain and https working. But there is an issue, the website can be accessed from both the root domain fanray.com and the www.fanray.com subdomain, for SEO purpose I will want to set up Preferred Domain and URL Redirect.